Personally, I've decided to take the position that password security is the "canary in the coalmine" of a business's awareness about security concerns. The degree to which they aren't protecting user passwords correctly likely predicts the degree to which they aren't aware of SQL injection or XSS vulnerabilities.
They are sacrificing the security of their customers for business reasons (usability will increase retention).
If they get hacked, if/when they send out a disclosure, they'll just say that personal information may have been leaked.
Sure, they've made their case for it, but it's only slightly less disconcerting than if they didn't know what a hash is.
Actually, it's probably worse, because at least someone that doesn't know about hashing could be educated - these guys have shown that they put profit above protecting their customers.
Their rationale doesn't make sense to me. If they wanted the same recovery process, they could just send you a new, generated password in a recovery email instead of keeping your actual password in plaintext.
No, but it's pretty damn important. All it takes is one disgruntled employee, one uninformed sys-admin, one mistake, and boom, all that "security" is gone.