Cannot recall if this has been reported already.
When installing roundcube, its mysql/mariadb password is logged in /var/log/messages
as part of an esmith event:
Jun 9 14:41:25 server esmith::event[4096]: GRANT ALL PRIVILEGES ON `roundcubemail`.* TO 'roundcubemail'@'localhost' IDENTIFIED BY 'password';
Is it something we need to take care about?