Even if you don't check the source code to verify that it's harmless, you should assume your password has been compromised and have already changed it anyway. This just lowers the cost of checking the list and could help us learn more about the compromise.
> users who have already changed their passwords or created a new account won’t have to worry, as they have recently begun hashing and salting their current password databases.
