The plugin installs with a certain set of defaults based on sending users a password when they register. The plugin has a lot of other possible configurations but you must make appropriate changes.
When the plugin is set for moderated registration AND you allow users to set a password at registration, you cannot send the user their password when they are activated. [See Moderating Registration: User Defined Passwords]
In this scenario, it is not necessary to send them a password at all since they have already set it. However, if you want to send them a copy of their user credentials, then the password must be sent in the email that goes to the user when they register, not when they are activated. You can change this in the Emails tab.
The only time a password is available in plain text is when it is actually created. When a generated password is sent, that password is created when the user is approved. This is why the default email content places the password shortcode in the activation email. When a user creates a password at registration, then the only time that password will be available is at that moment. After registration, it will be hashed.
Note: Even though you can email the user their login credentials, that does not mean you should. It is recommended that you not send user credentials to the user via email as this is an insecure mode of transport. If the user is creating their own credentials on the site when they register, there is no need to email this information to the user.