by johngd 4183 days ago
They have 3 other brands: http://photobox.co.uk http://uk.paper-shaker.com https://sticky9.com

Only the latter seems to enforce SSL. I registered a dummy account on photobox, username/password/email, via their form which was not using SSL.

2 comments

Photobox acquired Moonpig in 2011 [1]. In 2010, Photobox got called out for emailing passwords in plaintext [2], and were quick to take to Twitter to say "It will never happen again." [3] At that point, it had only been happening for 4 years [4].

Coupled with the tone of the job advert already posted by others [5], it doesn't seem too hard to imagine a corporate culture where security is not a serious concern until things go wrong.

[1] http://www.bbc.co.uk/news/business-14275632

[2] http://www.pcpro.co.uk/news/security/360163/photobox-sorry-a...

[3] https://twitter.com/PhotoBox/status/20719242964

[4] http://blog.dave.org.uk/2006/06/more-password-s.html

[5] http://careers.photobox.co.uk/security-officer-moonpig/

[edited for clarity]

The number of companies that send (and possibly store) plain text passwords is scary. I keep reporting them to http://plaintextoffenders.com/
I was about to ask why anyone would bother sending plain text passwords and store them encrypted. I then remembered a high-school friend's first (and largely unsupervised) job where IIRC he devised a ridiculous password encryption (not hashing) scheme in PHP (on shared hosting).

Unrelated horror unfolded a couple of years later when for some peculiar reason he had to move the site to a GoDaddy VPS. An unencrypted customer database sitting at /db.sql, fully accessible to the world. Apache had been configured to show directory indexes and, to take the site offline, /index.php had been removed. I think at the time I even needed to explain the possible consequences. I just remember being told that the database was restoring and it wouldn't take too much longer!

I think any remaining part of me that implicitly trusted interesting websites with personal data died that day.
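The comment above contrasts a home-grown reversible "encryption" scheme with proper password hashing. As an added illustration, not code from this thread or from any of the companies named, here is what that difference looks like using only Python's standard library. The reversible scheme (a fixed-key XOR, chosen here as a stand-in for the unspecified PHP scheme) is included only to show that anyone holding the stored blob and the key gets every password back; the PBKDF2 parameters (SHA-256, 16-byte random salt, 600,000 iterations) are this example's assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# --- The anti-pattern: reversible "encryption" with a key baked into the code ---
# Constructed toy scheme for illustration only. Whoever has the stored value and
# the key (which lives in the application code) recovers the original password.
TOY_KEY = b"site-secret"


def reversible_store(password: str) -> bytes:
    data = password.encode("utf-8")
    return bytes(b ^ TOY_KEY[i % len(TOY_KEY)] for i, b in enumerate(data))


def reversible_recover(stored: bytes) -> str:
    # XOR with the same key undoes the transformation: the password is fully recoverable.
    return bytes(b ^ TOY_KEY[i % len(TOY_KEY)] for i, b in enumerate(stored)).decode("utf-8")


# --- The correct pattern: salted, slow, one-way password hashing ---
# Parameters assumed for this example: PBKDF2-HMAC-SHA256 with a per-password
# random salt and a deliberately high iteration count.
ITERATIONS = 600_000
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.

    The salt is random per password, so identical passwords produce different
    records, and the iteration count is stored so it can be raised later
    without invalidating existing records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGO}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iteration count and compare."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False
    if algo != ALGO:
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(digest.hex(), hash_hex)


if __name__ == "__main__":
    pw = "correct horse battery staple"
    blob = reversible_store(pw)
    print("reversible scheme leaks:", reversible_recover(blob) == pw)
    rec = hash_password(pw)
    print("hashed record:", rec)
    print("verify correct:", verify_password(pw, rec))
    print("verify wrong:", verify_password("hunter2", rec))
```

Note that the hashed record can be mailed around, leaked in a database dump, or read off a directory listing without handing over the password itself; the reversible blob cannot make that claim, which is the whole reason the comment draws the distinction.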

Photobox is the parent company, which bought out Moonpig, Papershaker and sticky9. Each product is an entirely different codebase with a different team working on it (I know because I did some work for Papershaker, part of which was working on a site-wide switchover to SSL, which for now you can manually opt into: https://uk.paper-shaker.com/).