I think it would be nice if we had a CheckedPassword event rather than CheckingPassword (or both). This way when the event is triggered, the user is actually authenticated, making it a little more secure. In my use case, I need that plain-text password, but the user also needs to be authenticated when I run the event (and as far as I know, if I want to do that, I have to do manual password checking which isn't really something I'd want to do).
Or, the request data could be added to events (or password to the LoggedIn event).
