In case there is a breach in your webapp and you must replace its SECRET_KEY, could users still log in with their passwords?
In other words, does the "password h