The bootstrap password and client secret provided by the user are not validated - with the default configuration they can even be an empty string. There should be some minimal validation.
We also discussed always generating the password for the bootstrap (recovery) CLI commands such that the credential will always be sufficiently strong, but that will be treated as a separate task.