Cannot recall if this has been reported already.
When installing roundcube, its mysql/mariadb password is logged in
/var/log/messages as part of an esmith event:
Jun 9 14:41:25 server esmith::event: GRANT ALL PRIVILEGES ON `roundcubemail`.* TO 'roundcubemail'@'localhost' IDENTIFIED BY 'password';
Is it something we need to take care about?