[acak]

I'm sorry, I hate pointing anything negative out. Was it a recent change to store passwords in clear text?

It's worrying because the founders of VK started Telegram which claims to be end-to-end encrypted.

[dchest]

No, in 2007 they even sent your password to email immediately after creating account: https://twitter.com/dchest/status/739804779296219136

There was also "remind password" feature: https://twitter.com/extractor/status/739801634423857152

Also, they used to store MD5(password) in cookies.

Yes, these are the same people who made Telegram.

[greenleafjacob]

Sending your password in plain text in email doesn't mean it's stored in plain text; it could be copied from memory into the email before being discarded at the end of execution of the initial request.

[dchest]

If you ever find a service that is stupid enough to send password by email, but smart enough to store it hashed, please let me know.

Also, you missed a part of my comment where I said that they sent passwords by email when you clicked "I forgot password".