Hi,
I noticed that during the config process the root password is saved in the answer file in the /tmp folder. This is a security issue as the root password should never be saved in unsecured format in any file. Since the admin knows the root pw, then kaltura should remove it from that file with a replacement text that says root pw removed for security.
This should also reply to the admin console password as well. Also username as this would give anyone who looked at that file half of the security cover.
You already have a message on the config about the answer file, their should be a message in red about removing that file(s) from the temp dir either by deleting it or downloading it to a safe place offline and then deleting it.
I hope that during development there is someone in the loop that their job is to watch for items such as this and help prevent it before it is released to the public.