http://www.perlmonks.org?node_id=785104


in reply to Re^5: Status of Recent User Information Leak
in thread Status of Recent User Information Leak

Storing the password either in plaintext or in hashed form is not really of much consequence, as after supplying login data, the password is sent in plaintext from your user agent to the web server. (I would surely change my tune if/when the login starts taking place over an encrypted connection and passwords would still be stored in plaintext.)

That is the same as sensitive (for some definitions of it) emails being sent from banks or family in plaintext. How does it matter if they are encrypted after receiving?
