by professorTuring 2321 days ago
I guess they were proud of using encryption instead of hashing, hence, more secure!

Definitely they didn't follow the one and only rule of security: don't roll your own.

2 comments

Hashing is not an option for locally saved passwords. Some kind of token-based Auth scheme could work, but not hashed passwords.

That said, the much greater problem is the idea of using a hard-coded key, instead of generating a unique key for each device/installation.

Unique keys don’t help much. It only takes one person to write a script and put it on GitHub so that it can dynamically find the key and the unencrypted stored password.
Again it's a grad level thing, but many smart grads can work out why encrypting isn't better. At least of the many I've interviewed, even ones I didn't hire could figure this much out.
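The thread above compares four ways a client could persist a credential: encryption under a key shipped in the binary, encryption under a per-installation key, a one-way hash, and a server-issued token. The following is an added example, not code from the original thread or from the product it discusses; every key, password and user name in it is constructed, and the stream cipher is a stdlib-only stand-in for a real AEAD such as AES-GCM. It asks one question of each scheme: if someone copies every artifact the app reads from disk, what do they learn?

```python
"""Four credential-storage schemes compared on a single question:
what does a copy of the app binary plus its data directory reveal?
Added example; all keys, passwords and user names are constructed."""
import hashlib
import hmac
import os
import secrets


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode, XORed over the data.
    Stand-in for a real AEAD so the example runs on the stdlib alone; the
    reversibility argument below does not depend on which cipher is used."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def encrypt_password(password: str, key: bytes) -> bytes:
    """Schemes 1 and 2: reversible storage. Returns nonce || ciphertext."""
    nonce = os.urandom(16)
    return nonce + _keystream_xor(key, nonce, password.encode())


def decrypt_password(blob: bytes, key: bytes) -> str:
    """The same routine the app runs at startup; whoever holds the key runs it too."""
    nonce, ct = blob[:16], blob[16:]
    return _keystream_xor(key, nonce, ct).decode()


def hash_password(password: str, iterations: int = 200_000) -> bytes:
    """Scheme 3: one-way storage (salt || PBKDF2-HMAC-SHA256). Verify-only."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_password(record: bytes, password: str, iterations: int = 200_000) -> bool:
    salt, digest = record[:16], record[16:]
    cand = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(cand, digest)


class TokenServer:
    """Scheme 4: the server keeps password hashes and issues random, revocable
    tokens; the client persists only the token, never the password."""

    def __init__(self):
        self._users = {}   # user -> hashed password record
        self._tokens = {}  # sha256(token) -> user

    def register(self, user: str, password: str) -> None:
        self._users[user] = hash_password(password)

    def login(self, user: str, password: str):
        if user not in self._users or not verify_password(self._users[user], password):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[hashlib.sha256(token.encode()).digest()] = user
        return token

    def authenticate(self, token: str):
        return self._tokens.get(hashlib.sha256(token.encode()).digest())

    def revoke(self, token: str) -> None:
        self._tokens.pop(hashlib.sha256(token.encode()).digest(), None)


HARD_CODED_KEY = b"constructed-key-baked-into-binary"  # identical on every install


def compare_schemes(password: str = "hunter2-constructed") -> dict:
    """Model 'copy the binary and the data directory' against each scheme."""
    results = {}

    # 1. Hard-coded key: the key travels with the binary, so the blob opens anywhere.
    blob = encrypt_password(password, HARD_CODED_KEY)
    results["hardcoded_key_recovers"] = decrypt_password(blob, HARD_CODED_KEY) == password

    # 2. Per-install key: generated once, but the app must read it from the same disk,
    # so it is copied alongside the blob. It shrinks the blast radius to one install
    # per key; it does not change whether the password is recoverable.
    install_key = os.urandom(32)  # e.g. a config file next to the blob
    blob2 = encrypt_password(password, install_key)
    results["per_install_key_recovers"] = decrypt_password(blob2, install_key) == password

    # 3. Hash: verifies, but there is no decrypt routine to call, which is also why it
    # cannot serve a client that must replay the password later.
    record = hash_password(password)
    results["hash_verifies"] = verify_password(record, password)
    results["hash_rejects_wrong"] = not verify_password(record, "wrong-guess")
    results["hash_record_contains_password"] = password.encode() in record

    # 4. Token: what the client stores is unrelated to the password and revocable.
    server = TokenServer()
    server.register("alice", password)
    token = server.login("alice", password)
    results["token_authenticates"] = server.authenticate(token) == "alice"
    results["token_contains_password"] = password in token
    server.revoke(token)
    results["token_after_revoke"] = server.authenticate(token) is None
    return results
```

Run `compare_schemes()` and the two encryption variants both report the password as recoverable from on-disk artifacts, the hash record verifies without containing the password, and the token keeps working until the server revokes it. The per-installation key only limits how many installs one leaked key exposes; a design that wants a leak to be survivable stores a revocable token rather than anything that decrypts back to the password.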