
I'm pretty amazed that in this day and age companies still store sensitive information like user passwords and credit card numbers in plain text.



Not only does POF store it in plaintext but they email it to you every few days when they send you their "new matches" email. So basically they're sending probably about 1/4 of their member base's passwords in the clear over the internet every day through those emails.


IMO storing this kind of information in plain text was never acceptable. It requires the right combination of arrogance and incompetence for this to happen.


In some ways it's no wonder POF was able to bootstrap and run this amazingly large system all written by one guy with limited hardware. Dunno what their stats (or headcount) are now, but years ago POF was heralded as some genius site because it was all put together by one guy and running on a few load-balanced servers.

I'm not saying it takes multiple people to make something secure, but if one person either doesn't have the experience or knowledge to make something secure, and there's only that one person, there's no one else to even determine there's a problem.


This appears, unfortunately, to be the norm and not the exception. It comes to mind every time I sign up on a new service.

Obligatory: http://codahale.com/how-to-safely-store-a-password/


I know how and why you should store hashed passwords, but surely you'd have to store credit card numbers in plain text? If you store a hashed credit card number, you'll be unable to charge it again? How do you use a hashed credit card number?


Ideally, you don't store credit card numbers at all. If you need to do recurring billing, there are platforms that will do it for you; otherwise, process the transaction and remove the number from your system. Storing this kind of info securely and in PCI compliance is not trivial, and takes engineering resources that are better used on something that will distinguish your product from the competition.



