in reply to Ideas for "fixing" PerlMonks 1.0
Are passwords still stored as plaintext?
That can be easily tested, using the What's my password? page. As long as you get a mail with your password in plain text, the password must be stored in plain text, or with equivalent security. (It could be encrypted, but with both the decryption code and the decryption key available on the server.) As soon as you get some kind of one-time key instead of your password, your password may be stored hashed or hashed and salted. But unfortunately, it could also still be stored in plain text. But at least, it would not be exposed by mail any longer.
Alexander