Currently ReactiveUserDetailsServiceAutoConfiguration and UserDetailsServiceAutoConfiguration log generated passwords so that they can be used by the developer. We should include an additional note to let them know that they should not go to production without setting a real one.