by EwanToo 5554 days ago
I didn't say it was a smart law, but I'm also not splitting hairs.

If someone has that level of control over your system to access a write-only file on a separate secured system, make a copy and extract it somewhere else, they probably also have enough access to insert a piece of code into your authentication system to dump all the plaintext passwords to a separate file as people log in over time.

The message remains the same for all users regardless of this law: don't reuse passwords; you can't trust their security.


I'll be more specific about failures of security and vigilance: "separate secured systems" aren't always as separate and secured as they should be. Assume that all computers can connect to the internet these days unless specifically configured otherwise, and data gets copied, and copies get left lying around. E.g. the classic "left the laptop on a train" http://www.independent.co.uk/news/uk/politics/exclusive-new-... / "CD got lost in the mail" problem.
Ultimately, if two systems need to exchange data in any way, even in one direction only, they cannot truly be described as separate.
I'm also not splitting hairs.

Of course you aren't. We know this because you say you aren't. What you are is making a nuanced distinction between what you mean when you say "stores hashed passwords" and what is commonly meant by that.