Hey … I’m new to WordPress, but honestly … this is a bit scary. And the fact that encrypting passwords in the database is up for debate is … scary in and of itself.
Two reasons for encrypting:
1) The scary possibility someone might get access to the database
2) The privacy of users. We all know you have to be EXTRA careful about choosing random passwords when I sign up on OTHER people’s sites … but I’d feel a lot more comfortable if the admin of the site COULDN’T get access to my password.
Of course, what you have to do is require valid emails for all accounts, so if people forget their password, you have a (fairly) safe way to give them a new one without worrying (too much) about someone intercepting it.
As a side note, the database login password is out in the open in a .php file, so if they can get un-pre-processed access to that, they have complete access to the back-end database …