Member Rara Avis
If someone was to steal your password to the forums, Chris, where do you suppose they would get it? Off my web server? Or off the post-it note stuck to your monitor? I long ago decided the only way to make a password secure was to never give it to the user. There's a few kinks with that plan, though, that I'm still working on.
Storing encrypted passwords on the system, as opposed to plain-text passwords, has never made a lot of sense to me. The only reasonable way anyone can get to either is by gaining access to my server's hard disk. If they get that far, they don't NEED a password to change your personal data -- because it's sitting in the same file with your highly encrypted password.
There's absolutely nothing wrong with a warm, snuggly blanket as long as you remember that it IS only a blanket. You still need to lock the doors at night.