Typepad password blunder

Phred on 2008-04-28T17:03:04

I discovered today that TypePad.com is another website that, if you request a password reset, sends you your current password in plain text, which means it is either stored unencrypted in their database, or it is encrypted symmetrically (whoever steals their key gets all the passwords for the price of one).

Every time I see someone do this I am alarmed. My password shouldn't be in plain text anywhere except on my computer (here it is in plain text going over the wire and possibly in their database also). TypePad is a professional web service with millions of users, and they don't have a password recovery system that even pretends to be secure?