Don't use shadow if the flag is not defined

server/conf.php

@@ -50,10 +50,7 @@ $PBKDF2_LEVEL=1000;
   encrypted login/password values and remove them.
   It's a kind of challenge.
 
-  This option is backward compatible with old version < 0.6, but
-  once activated it cannot be reverted as access tokens will be
-  generated for all values. So, if you want to test it, make
-  a copy of your databases before !
+  This option is backward compatible with old version < 0.6
 
   For now it's deactivated because it requires high cpu bandwidth
   (one derivation + two decryption for each password !). When