It seems to me that the issue here is that storing in plain text allows an attacker to learn the passwords of users - and many users re-use the same password for many resources. So while Microsoft has a point about a compromised installation is already gone - this issue creates further vulnerability for an organization running the software.