Have to ask what software you were using, that it was so easy to get his password from out of his login account. This must have been in the days before passwords were hashed or something?
Passwords were not hashed in the database, because it made no sense for me (as the site administrator) to do that. As the site admin it's entirely beneficial for me (not for you) to see your password.
Of course if you're the sort of user who uses the same password on every site, then it benefits you a little bit if the site hashes the password. The site admin or an attacker can still easily steal your password when you log in, so the benefit is small. But by doing this you're trusting every site, which is stupid.
Users should use a completely different, randomly generated password for every site, then whether or not the site hashes the password doesn't matter.
Of course if you're the sort of user who uses the same password on every site, then it benefits you a little bit if the site hashes the password. The site admin or an attacker can still easily steal your password when you log in, so the benefit is small. But by doing this you're trusting every site, which is stupid.
Users should use a completely different, randomly generated password for every site, then whether or not the site hashes the password doesn't matter.