The key doesn't have to be stored on the server. It can be on a private computer that is not connected to any network at all. Still vulnerable, but much less so.
> It can be on a private computer that is not connected to any network at all.
So you're saying the support tech gets up from his desk, walks over to the computer with the key, gives the computer some command to produce the key, prints the key or writes it down on a piece of paper, walks back to his computer, types in the key, and finally shreds the piece of paper?
Sure, it's also possible that they store the encrypted passwords in a handwritten ledger and decode them when you log in. I was talking about what Newegg is most likely doing in real life.