[stevetjoa]

I was a reviewer for a Springer journal (MMIR). I contacted Springer in October 2012 to let them know that they store plaintext passwords and share the plaintext passwords with their users (e.g. "Hey, it's review season again. Please login to accept or decline your review assignments. By the way, if you don't remember your password, here it is! abc12345"). Over a brief email exchange, I carefully, politely, and concisely laid out the problems with doing so. All I got was a hilariously dismissive reply.

In October 2013, I received another email from Springer with my password in plaintext, and they CCed this email to another person!!

I declined my review assignments, asked them to permanently delete my account, and I haven't heard from them since.