Don't encrypt the passwords then. One way hash them with MD4, MD5 et al plus a secret string. Don't have the secret string in plaintext anywhere, just hack the C source of one of these modules to append the secret key, compile it and destroy the source! Of course with a decent decompiler you can still see the string so build it on the fly from a number of function calls so the chars are spread all over the source/binary. Throw in some XORs, a few dummy function calls, the odd blind alley, random library calls.....all the usual tricks. Decompile the binary an have a look to make sure the compiler has not undone your good works.

Now even if I extract the secret key I am still faced with the task of brute forcing the password hashes. The only loss is that you can't send users a password reminder, you have to do a reset - but hey if they could remember the old one they would not have needed the reminder!

*nix and even M$ store passwords as hashes not reversibly encrypted strings. It just raises the bar that bit higher.