Evidently they were stored plain text. Until someone updates the users that the breach has been closed and the passwords are actually being stored in a sane manner, you should expect that people who care to do so have full access to your profile.
Yes, but still people should change their passwords *now*. And *again* when the problems have been fixed.
If your password is listed, anyone can use your password to change your posts, or worse: change
your password so you can't change it yourself, later.
If you change it now, your new (temporary) password would still be stored in clear text,
on a possibly insecure host (although apparently the passwords were stolen from a disused server), but getting it would require significant effort as opposed
to just reading a magazine that has probably been copied over a million times already.