I ran across your post as I was in need of an older password digest algorithm when communicating with Amadeus Web Services (WBS). After diving through some articles on WSE and SoapUI I think this may just be a simple bug based on how I believe this was intended to be used.
A SoapUi article describes PasswordDigestExt "The PasswordDigestExt option is non-standard and should only be used for interop issues where the message receiver desires an extra SHA-1 Hash of the password."
https://www.soapui.org/soapui-projects/ws-security.html
