...
In both the setPassword() and checkPassword() methods, the cleartext representation of the password is erased as soon as it is converted into a hash value. After this happens, there is no way for an attacker to get the password as cleartext.
It is also important to note that only one password is being stored, which means it is valid to use a salt in the above manner. If this program were modified to handle more than one password, then it would have to be modified to randomly generate a salt for each password.
Exceptions
MSC18-EX0 You may be forced to encrypt passwords or store them as cleartext when you are extending code or an application that you cannot change. For example, a password manager may need to input passwords into other programs as cleartext.
...