Stop letting Mailman subscribers choose their own password: it is stored insecurely and sent to them by email in clear text. Mailman does display the message "Do not use a valuable password as it will occasionally be emailed back to you in cleartext", but nobody reads messages.
Instead, treat these "not valuable passwords" as tokens that are good to have but are not required to be 100% secure: generate them automatically and include them in the links.
Click "Edit the public HTML pages and text files" > "General list information page". Comment out or delete the password fields to force Mailman to assign random passwords to users automatically:
<!--
<TR>
<TD COLSPAN="3"><FONT SIZE=-1>You may enter a
privacy password below. This provides only mild security,
but should prevent others from messing with your
subscription. <b>Do not use a valuable password</b> as
it will occasionally be emailed back to you in cleartext.
<br><br>If you choose not to enter a password, one will be
automatically generated for you, and it will be sent to
you once you've confirmed your subscription. You can
always request a mail-back of your password when you edit
your personal options.
<MM-Reminder>
</font>
</TD>
</TR>
<TR>
<TD BGCOLOR="#dddddd">Pick a password:</TD>
<TD><MM-New-Password-Box></TD>
<TD> </TD></TR>
<TR>
<TD BGCOLOR="#dddddd">Reenter password to confirm:</TD>
<TD><MM-Confirm-Password></TD>
<TD> </TD></TR>
-->
Click "Non-digest options". Set "Should Mailman personalize each non-digest delivery?" to "Yes".
The personalization option has to be turned on in the server config first, by adding this line to /etc/mailman/mm_cfg.py:
OWNERS_CAN_ENABLE_PERSONALIZATION = 1
Set "Footer added to mail sent to regular list members" to the following text so that the links include the "passwords":
_______________________________________________
Your subscription options:
%(user_optionsurl)s?password=%(user_password)s
If you don't want to receive these emails,
follow the link below to unsubscribe:
%(user_optionsurl)s?password=%(user_password)s&unsub=1&unsubconfirm=1
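
The footer above places %(user_password)s into the URL as-is, so passwords that existing subscribers chose themselves can contain characters that break the link. The check below is an added example, not part of the original post or of Mailman; it assumes the footer is expanded by plain %-substitution with no URL-encoding, and the list URL, addresses and passwords are constructed sample values.

```python
from urllib.parse import quote, urlsplit, parse_qs

# Unsubscribe link from the footer on this page.
FOOTER_LINK = "%(user_optionsurl)s?password=%(user_password)s&unsub=1&unsubconfirm=1"

# Constructed sample data: hypothetical list URL, addresses and passwords.
BASE = "https://lists.example.org/mailman/options/demo/"
MEMBERS = {
    "alice@example.org": "ohbiquve",      # letters only, like a generated password
    "bob@example.org": "tea&biscuits",    # self-chosen, '&' starts a new field
    "carol@example.org": "p#ssw0rd",      # self-chosen, '#' starts the fragment
    "dave@example.org": "a+b%41",         # self-chosen, '+' and '%41' get decoded
}


def render_link(address, password):
    """Expand the footer link with raw %-substitution (assumed behaviour)."""
    values = {"user_optionsurl": BASE + quote(address),
              "user_password": password}
    return FOOTER_LINK % values


def password_survives(address, password):
    """True if parsing the rendered link recovers the exact password and flags."""
    query = urlsplit(render_link(address, password)).query
    fields = parse_qs(query, keep_blank_values=True)
    return (fields.get("password") == [password]
            and fields.get("unsub") == ["1"]
            and fields.get("unsubconfirm") == ["1"])


def broken_members(members):
    """Addresses whose footer link would not carry the right password."""
    return sorted(a for a, p in members.items() if not password_survives(a, p))


if __name__ == "__main__":
    for addr in broken_members(MEMBERS):
        print("footer link will not work for", addr)
```

Members it reports need a new automatically generated password before their footer links will work.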