For the record, I do agree with you, and I'm surprised at the number of websites that send out plaintext passwords on confirmation of registration (hopefully prior to doing a one-way encryption on it). And as a mod, I'd love the forum software to be upgraded from that point of view, too: but also speaking as a forum admin elsewhere, I understand it's quite a serious pain in the bum to actually execute well, and needs a significant investment of resources.
So I'm not trying to brush it under the carpet, and I do agree somewhat with your feelings (especially as an ex-information security employee elsewhere), but I think for the time being we need to be pragmatic and accept the current limitations. I wouldn't go as far as to say that Larian doesn't give a crap, they're generally pretty good with end-user support, but I don't want that to sound like your concerns are just being dismissed with a hasty "yes but..." either. Although the forum admins will probably see this post, I'll raise the matter with them anyway to make sure it comes to someone's attention.