A configuration backup contains information that is normally only accessible to the root administrative user on the appliance. Therefore, any configuration backup that is exported to another system or into a filesystem share must apply security restrictions to the backup file to ensure that unauthorized users cannot read the backup file.
Local user passwords are stored in the backup file in encrypted (hashed) format, not as clear text. However, on the system, access to these password hashes is restricted, as they could be used as input to dictionary attacks. Therefore, administrators must carefully protect configuration backups that are exported, either by restricting file access to the backup, or by applying an additional layer of encryption to the entire backup file, or both.
Directory user passwords are not stored in the appliance, and therefore are not stored in the configuration backup. If you have deployed a directory service such as LDAP or AD for administrative user access, there are no copies of directory service password hashes for directory users stored in the configuration backup. Only the user name, user ID, preferences, and authorization settings for directory users are stored in the backup and then restored.
Following a configuration restore, the local root administrative user password is not modified to the root password at the time of the backup. The root password is left as-is, unmodified, by the restore process, to ensure that the password used by the administrator who is executing the restore process (and thus has logged in, using that password) is retained. If the administrator's intent was to also change the root password at the time of configuration restore, that step must be executed manually following the restore, using the normal administrative password change procedure.