1. This authenticate method will be used for GET request, however it is updating db entry in user table see UserLocalServiceImpl.authenticate()
2. Also in a situation of skipping liferay check, when mutiple requests(of same user with different password) happen at the same time, there will be staleObjectExcetion throwing because they are trying to write digest all together.
3. There will be a performence gain if we remove this piece of code.
4. See PTR-502 disccusion.