But encrypting the passwords with a key on the server is an additional "layer of security" that doesn't actually making it harder to crack. You're just adding complexity for naught.
It prevents you from getting the passwords with an SQL injection attack (or by reading the users.txt or whatever storage is used for the user list), so it does add protection.