Always check and cut off PW input to avoid DoS
@rsc If not already done so, the maximum password length should also apply but cutting off the input string, even if dmx.signup.expected_password_complexity = none
to avoid DoS attacs with super long passwords.