First Last now why is securing it that important on the mailing list. Email is not secure to start off with unless you use a signing certificate to sign your messages. Basically everything could be done to secure those passwords and it basically does nothing to stop people posting as you onto the mailing list as a imposter. Posting emails with fake from addresses is really really simple. Something being compromised on is a zero issue. Source code archive yes that had to be secure. Bugzilla and Appdb yes that has to be secure. Now someone breaches you on mailing list post report of breach in bugzilla works very well. There is a reason why wine never in the first place went for a single sign on solution. At some point in the future the world need to move up to signed emails or newer more secure tech.