Cryptography question - I'm experimenting setting up a site on a cloud hosting site like pagodabox.com. I noticed that there was a "quick start" installation that will install a c5 instance for you w/ one click. My question is, that within the code repo of this quickstart the password salt in the config.php is visible and also the hash for the initial install admin user. Hypothetically speaking, if your mysql database is compromised (exposing users hashes), would having the password salt exposed for all to see make it easier to crack user's passwords?