You had me worried for a minute there. You're quite right, if the passwords do not match they should be rejected. The "empty" password here means a user does not have a password, and hence they would be unable to log in, rather than a password of "", which would be very bad.
When passwords do no match an empty password is used instead of rejecting or re-prompting to re-enter.
The text was updated successfully, but these errors were encountered: