[pwaring]

My hosting provider (Bytemark) sends out passwords in plaintext, though I'm not sure if they're stored that way. It is a lot more convenient that having to follow a password reset link, though I'm not entirely convinced by the security/usability trade-off (there's not much on my accounts, since the password simply allows access to the control panel, not root access on the machines).

[pavpanchekha]

If you can retrieve the plaintext, it doesn't matter how you store them. Keep in mind, access to the control panel probably means they can CNAME your address over to their own and start dispensing viruses and malware from a look-alike site.

Storing passwords recoverably is more or less and unforgivable sin; thinking that it is in any case a good idea is a mark of terrible naivete. Because you're compromising the security of yourself, your users, and any other accounts on any other services that your user uses.

[pwaring]

DNS is handled separately, so there's no chance of any of my domains being 'taken over'. The control panel doesn't actually allow you to do that much, and changes to the billing contacts result in a confirmation email being sent.

As for password storage, it's possible that they are encrypted, with the private key held on a separate server, so if you managed to get hold of the user database you wouldn't necessarily be able to access the passwords.

[yuhong]

AFAIK using simple reversable encryption may prevent a simple SQL injection attack, but of course it won't help if the attacker can gain root on the server, which is much harder though.