Optionally disable display of previous passwords in web interface and logs

The current system allows you to view the previous unencrypted values of passwords in both the history, and on the edit page.  This is potentially insecure as it can allow people to view a pattern or common passwords that are reused (yes, both of these are a problem in themselves, but lets minimise the risk).

I would like to be able to have a configuration switch to disable the display of unencrypted previous passwords on the edit page, and in the logs.