Originally Posted by smuckleberry
One nitpick, they aren't necessarily storing the password as plain text on the back end too.

Encrypting passwords is little better.

Passwords should be hashed (and salted) using a robust one-way algorithm.