I think I can handle the hand coding, I just wondered if SecurityAssist did this by default or not.
My concern is that any system that stores a username and password, as plain text, is problematic because it's very likely that people will have registered using a username/password combination that they use elsewhere too. So it becomes a question of liability, if a system we've developed is hacked and the profiles are used to gain access to other systems - Internet banking etc.
In an era of increased GDPR I think it's sensible to remove as much potential liability as possible. I agree that it might be overkill but if we build every system like this when we won't have that concern PLUS we're only building one version of this system as opposed to two.
I appreciate what you're saying about existing registered members/customers - that does sound like a headache.