Not to put any pressure on the extremely busy and amazing Openfire Dev team, but I too would strongly support use of cryptographically hashed passwords instead of encrypted passwords. I'm not familiar with Kraken's use, but it would seem that use of crypto hashes could be done in place of encrypting passwords in total. Crypto-hashed passwords are the strongest form of password security we have today, and when done properly, are almost impossible to reverse. There is no way to make encrypted passwords "safe" since the unencryption key must be stored someplace the server (Openfire in this instance) can access, meaning if the OF server gets compromised, then all of the passwords might as well have been stored in plain text.
Just my 2 cents! I know the OF team has a lot on their hands already...
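The contrast the post draws, as an added example that is not part of the original thread and not Openfire's or Kraken's code: a salted, iterated password hash (PBKDF2-HMAC-SHA256 via the standard library) can be verified without the server ever holding anything that turns the stored record back into the password, while a reversible scheme is only as safe as the key the server has to keep. The iteration count, salt length, record format and the toy XOR "cipher" standing in for a real reversible scheme are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example (not Openfire's configuration).
HASH_NAME = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'.

    Nothing in the record is secret. A fresh random salt per password means two
    users with the same password get different records, and the only way to
    check a candidate is to redo the same work with the same salt.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and iteration count, then compare
    in constant time so timing does not leak how many leading bytes matched."""
    try:
        scheme, iterations_str, salt_hex, hash_hex = record.split("$")
        if scheme != f"pbkdf2_{HASH_NAME}":
            return False
        iterations = int(iterations_str)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        # Malformed record: treat as "does not verify" rather than raising.
        return False
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


# --- Toy reversible scheme, standing in for any encrypt-then-store design ---
# A repeating-key XOR is NOT a real cipher; it is here only to make the point
# concrete: whoever holds SERVER_KEY gets every plaintext password back.

def encrypt_reversible(password: str, key: bytes) -> bytes:
    data = password.encode("utf-8")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def decrypt_reversible(ciphertext: bytes, key: bytes) -> str:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(ciphertext)).decode("utf-8")


if __name__ == "__main__":
    # Constructed sample credentials.
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("right password verifies:", verify_password("correct horse battery staple", record))
    print("wrong password verifies:", verify_password("Tr0ub4dor&3", record))

    # With the reversible design, the server-held key is enough to recover it.
    server_key = os.urandom(16)          # the key the server must keep somewhere
    blob = encrypt_reversible("correct horse battery staple", server_key)
    print("recovered from encrypted store:", decrypt_reversible(blob, server_key))
```

The record format embeds the iteration count so it can be raised later for new passwords without breaking verification of old ones, which is the practical reason to store parameters alongside the hash rather than hard-coding them.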