Description
Currently all methods returning UserTO instances include hashed password values.
Such values are pretty useless for any lawful usage, so it is safer to not return such values by default, and allow overriding this setting via global configuration.