That behavior hasn't changed. It can only access plaintext passwords during plaintext operations. That means directly after registration (frontend: onAfterUserRegistration, backend: onAfterNewUser), after profile edit if password changed (frontend: onAfterUserUpdate, backend: onAfterUpdateUser), and after logging in (onAfterLogin).
I've tested onAfterLogin and onAfterUserRegistration both properly giving plain text password. It grabs the plaintext password from POST so if you don't have the password field accessible to the user during registration it won't be able to grab the plaintext password.