...
In both the setPassword() and checkPassword() methods, the cleartext representation of the password is erased as soon as it is converted into a hash value. After this happens, there is no way for an attacker to get the password as cleartext.
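The following is an added illustration of that pattern (not the code from this rule's compliant solution): the password is accepted as a char[] rather than a String, hashed with a per-user salt, and zeroed in a finally block so that no cleartext copy outlives the call. The class name PasswordStore and the SHA-256 choice are assumptions for the example.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

// Example added for illustration; not the CERT page's own code.
public final class PasswordStore {
    private byte[] salt;   // random per-user salt, stored alongside the hash
    private byte[] hash;   // SHA-256(salt || password)

    private static byte[] hashWithSalt(char[] password, byte[] salt)
            throws NoSuchAlgorithmException {
        // Encode the char[] directly; never build a String, since Strings are
        // immutable and cannot be scrubbed before garbage collection.
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] pwBytes = new byte[buf.remaining()];
        buf.get(pwBytes);
        if (buf.hasArray()) {
            Arrays.fill(buf.array(), (byte) 0); // scrub the encoder's buffer too
        }
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(salt);
            return md.digest(pwBytes);
        } finally {
            Arrays.fill(pwBytes, (byte) 0);  // erase the byte copy
        }
    }

    public void setPassword(char[] password) throws NoSuchAlgorithmException {
        try {
            salt = new byte[16];
            new SecureRandom().nextBytes(salt);
            hash = hashWithSalt(password, salt);
        } finally {
            Arrays.fill(password, '\0');     // erase the caller's cleartext
        }
    }

    public boolean checkPassword(char[] password) throws NoSuchAlgorithmException {
        try {
            byte[] candidate = hashWithSalt(password, salt);
            return MessageDigest.isEqual(hash, candidate); // constant-time compare
        } finally {
            Arrays.fill(password, '\0');
        }
    }
}
```

After setPassword() or checkPassword() returns, the caller's char[] is all zeros, so a heap dump or a debugger sees only the salt and the hash. A production system would swap the plain SHA-256 for a deliberately slow password KDF, but the erasure pattern is unchanged.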
Exceptions
MSC18-EX0: Applications such as password managers may need to retrieve the original password in order to enter it into a third-party application. The first important difference here is that the password manager is accessed by a single user. The second important difference is that the program will always have the user's permission to store their passwords in this way. Therefore, provided the user is competent, the program's operation will be safe.
...