[sounddust]

Sure, I think everyone on HN agrees that any type of security has its weakness. What we are discussing here is whether 37signals is inadequately handling users' data by storing passwords in plain text, and the argument is that there is no difference in the level of security of "encrypted" passwords if the server has the key to decrypt them.

In other words, even if the author found out before writing the article that 37signals was storing users' passwords encrypted (instead of hashed), then he still would have written his article, and we would still be just as concerned as we are now.

You seem to be arguing against a point that no one is making.