Any user with access rights to the user list can export every single password in the system. For one, storing plain text passwords in any form is poor security and having anyone with access to all users' paswords is also poor security. You can't allow a user to create other users but ensure they can't steal everyone's passwords.
Is there any way to prevent users having access to other people's passwords even if they have the rights to create users. Example, you have an HR user that can create users but we don't want them to have access to the CEO's password. I'm sure all the executives at any company would agree.