by naner 5467 days ago
This really isn't that uncommon. When forced to choose between easier customer support or ostensibly better security practices, easier customer support usually wins. Stolen passwords through email/eavesdropping are rare enough that they can deal with it on a case-by-case basis. If someone somehow gets access to the entire database of passwords (also rare) then they have other security issues that likely would have been a problem no matter how they stored passwords.

If company X hashes your password on their server you still don't know that they did it properly or how good the rest of their security is. Basically the only way this differs is that when you forget your password, your actual password is sent in plaintext over the network and is now sitting in your email account. That makes me uncomfortable so I change it right away. Which is the exact same set of steps you would use for a hashed password reset.

Everybody focuses on the hashing thing like it is some kind of impenetrable defense or crystal ball into a company's security practices. It is not.

1 comment

You miss the problem --- it's not that hackers get access to your Hover password. It's that for most people, they get access to all of their other passwords, since they're all the same. Also, stealing Hover passwords by wire-sniffing must be done on a case-by-case basis, or at least by small geographic neighborhood; stealing them via a database dump can be done en masse.
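The two storage schemes the thread contrasts, side by side, as an added example that is not part of either comment: a plaintext store whose "forgot password" flow mails the password itself, and a salted PBKDF2 store whose flow mails a one-time reset token instead. The in-memory dictionaries, the work factor, the usernames and the passwords are all constructed for the example. `dump_exposes_password` and `crack_from_dump` model what an attacker holding a full table dump gets in each case, which is the en-masse point the reply raises.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed in-memory "databases" for the example; nothing here is real data.
PLAINTEXT_DB = {}   # username -> {"password": str}
HASHED_DB = {}      # username -> {"salt": bytes, "iterations": int, "hash": bytes}
RESET_TOKENS = {}   # sha256(token) -> (username, expiry timestamp)

ITERATIONS = 100_000  # PBKDF2 work factor; an assumed value for the example


def plaintext_register(username, password):
    """Scheme 1: keep the password as-is (what a password-recovery-by-email site must do)."""
    PLAINTEXT_DB[username] = {"password": password}


def plaintext_forgot(username):
    """Scheme 1 'forgot password': the site can, and does, mail the password itself."""
    return PLAINTEXT_DB[username]["password"]


def _derive(password, salt, iterations):
    # Slow, salted key derivation; the stored hash is this output, not the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def hashed_register(username, password):
    """Scheme 2: store only a per-user salt and a slow hash; the password is discarded."""
    salt = os.urandom(16)
    HASHED_DB[username] = {"salt": salt, "iterations": ITERATIONS,
                           "hash": _derive(password, salt, ITERATIONS)}


def hashed_verify(username, password):
    rec = HASHED_DB.get(username)
    if rec is None:
        return False
    candidate = _derive(password, rec["salt"], rec["iterations"])
    return hmac.compare_digest(candidate, rec["hash"])  # constant-time comparison


def hashed_forgot(username, ttl_seconds=900):
    """Scheme 2 'forgot password': mail a single-use, expiring reset token, never the password.
    Only a hash of the token is kept server-side, so a dump of this table cannot replay it."""
    if username not in HASHED_DB:
        return None
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[hashlib.sha256(token.encode()).digest()] = (username, time.time() + ttl_seconds)
    return token


def hashed_reset(token, new_password):
    """Consume the token (pop, so it is single-use) and set a fresh salt and hash."""
    entry = RESET_TOKENS.pop(hashlib.sha256(token.encode()).digest(), None)
    if entry is None or entry[1] < time.time():
        return False
    hashed_register(entry[0], new_password)
    return True


def dump_exposes_password(record, password):
    """What an attacker holding a full table dump reads directly off one row."""
    return any(value == password for value in record.values())


def crack_from_dump(record, wordlist):
    """Against a hashed row the attacker pays one KDF call per guess per user (the salt
    defeats precomputation); returns the first guess that matches, or None."""
    for guess in wordlist:
        if hmac.compare_digest(_derive(guess, record["salt"], record["iterations"]), record["hash"]):
            return guess
    return None


if __name__ == "__main__":
    plaintext_register("alice", "correct horse")
    hashed_register("bob", "correct horse")
    print("plaintext recovery mails:", plaintext_forgot("alice"))
    print("hashed recovery mails a token:", hashed_forgot("bob")[:8] + "...")
    print("dump of alice's row yields password:", dump_exposes_password(PLAINTEXT_DB["alice"], "correct horse"))
    print("dump of bob's row yields password:", dump_exposes_password(HASHED_DB["bob"], "correct horse"))
    print("guessing bob's row from a wordlist:", crack_from_dump(HASHED_DB["bob"], ["password", "correct horse"]))
```

Note what the model does and does not show: a hashed row still falls to a dictionary guess if the password is weak, which is the per-guess cost the reply's "en masse" distinction rests on, and the reset-token path is only as good as the mailbox that receives the token, which is the point the first comment makes about the two flows converging on "change it right away".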