And hashing them is not useful if you intend to authenticate with them. I think you mean encrypt. Hacker finds encryption key. See "Until someone steals its database."
No, that's not what I meant. It's an analogy - if sites shouldn't store their own passwords in plaintext or reversibly encrypted (which everyone here agrees on - "use BCrypt", etc), then they shouldn't store other passwords in plaintext or reversibly encrypted. They should use something like OAuth instead.