
37Signals did this on Basecamp for years too. I haven't checked recently and I assume when they consolidated their authentication they probably fixed it.

It was pretty shocking to get my password in plaintext in an email from a leading web app developer. Especially after DHH's multiple beratings of developers who used authentication libraries instead of rolling their own salted password hashing, because you should really understand how your app is handling such things yourself!

I was surprised that I never saw anyone bring it up anywhere.


