Per https://github.com/miraheze/mw-config/blob/master/LocalSettings.php#L417, all logins are being prompted with an external login auth.
Less knowledgeable users may enter their login information which will be sent away from miraheze to an external provider who can in theory decrypt the information. (The implementation is likely not secure as the whole layer isn’t securely designed.)
Publicly disclosed already, and extremely easy to find.