Is the password stored after deletion?

Well might be good to add that basically no qualified project stores passwords but only a password hash. So yeah we don’t store passwords in the first place. If you login via oauth or passkey and dont have a configured password there is also no hash kept by discourse afaik.