What would you say if a SaaS told you that they store your password hashed, but that they can reverse it and get it out in plain text, if someone with authority asks?