I wanted to mention this because the messages in my notifications suggest the new folks might not be aware of this, but the timing is actually quite relevant: I've been working on Mastodon full-time for 4 years. Mastodon was first revealed to the public in a Show HN post around this time in 2016.

There is no verified checkmark on Mastodon.

Mastodon does not store passwords in plain text. This is trivial to confirm as Mastodon is an open-source project. We use the bcrypt algorithm for one-way hashing of passwords. I can't believe someone is spreading misinformation about something so trivial to debunk.