The list of locked users contains entries for users that do not exist on that server. Occasionally, someone types in their password into the username field. This password then shows up in clear text on the web UI.
This is an old issue; probably there since the early days of password safe 8. Screenshot is from the latest version, 26.6.101, with a fake password.
I personally don’t feel comfortable as an admin seeing these passwords; but there is nothing I can do. I also cannot find out which user made the error and ask them to change it.
My suggestion would be to only show real, existing user accounts in this menu.
