This is a bit misleading but if you read what it says it doesn’t do what you think it does. I says:
When the user has registered, we provide a button for them to click which will post their user name and password to the login action and get them logged in right away. This however causes the user name and password to be passed back in the HTML which may be unacceptable depending on your security needs.
This is about the registration process which can provide a log-in button after registering. It’s not about the login button in the UI at the top.
About the latter:
- We wanted to improved the registration/login experience, see Proposal for a better registration process
- We discussed offering an option to disable the login button but didn’t do it for now: Brainstorming: configuration option to hide the Login button?
- Instead we documented a way to disable it: https://www.xwiki.org/xwiki/bin/view/FAQ/How%20to%20hide%20the%20Login%20button
- PS: The info is in the release notes: Release Notes for XWiki 16.10.0 (XWiki.org) and above
Hope it helps