Hacker News

Just look at http://news.ycombinator.com/item?id=2343330. Tumblr has piles of money, and a misplaced 'i' still gave away all their passwords (fortunately, just their passwords for external APIs...) Keeping the source code secret is usually not security goal #1, and not needing to is a good idea.

Also, un-salted encrypted passwords are still bad. Just compare the top 10 most popular encryptions with a table of the top 10 most popular passwords.

I'll drop this, but please do hash your passwords with something sensible like bcrypt. ;-)
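The comparison in the comment above (a table of the most common passwords against a table of stored digests), worked through as an added example that is not part of the thread. It builds a lookup table of unsalted SHA-1 digests for a constructed "top passwords" list, shows that any unsalted store leaks every account using one of them in a single dictionary lookup, and then contrasts that with a per-user-salted slow hash. The slow hash here is PBKDF2-HMAC-SHA256 from the standard library, used only as a stand-in for bcrypt so the script runs without third-party packages; the password list, the stored digests and the iteration count are all constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a "top 10 most popular passwords" list (assumption:
# toy data chosen for the demo, not a real leaked dataset).
COMMON_PASSWORDS = ["123456", "password", "12345678", "qwerty", "abc123",
                    "monkey", "letmein", "dragon", "111111", "baseball"]


def unsalted_hash(password: str) -> str:
    """The weak scheme the comment warns about: one deterministic digest per
    password, identical for every user and every site that uses it."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_lookup_table(candidates):
    """Precompute digest -> password for the popular-password list.
    This is all an attacker needs to reverse an unsalted store instantly."""
    return {unsalted_hash(p): p for p in candidates}


def audit_unsalted_store(stored_hashes, table):
    """Defender-side check: which of our stored unsalted digests are directly
    recoverable from the popular-password table?  Returns {digest: password}."""
    return {h: table[h] for h in stored_hashes if h in table}


# Stand-in for bcrypt (assumption): PBKDF2-HMAC-SHA256 with a random 16-byte
# per-user salt. In production use bcrypt/scrypt/Argon2; the point shown here,
# a unique salt and a deliberately slow derivation, is the same.
ITERATIONS = 100_000


def salted_hash(password: str, salt: bytes = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Re-derive with the stored salt/iterations and compare in constant time."""
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def demo():
    """Run both schemes over the same three users and summarise the outcome."""
    users = {"alice": "password", "bob": "letmein",
             "carol": "correct horse battery staple"}

    # Scheme 1: unsalted digests. Two of three users fall to a 10-entry table.
    table = build_lookup_table(COMMON_PASSWORDS)
    unsalted_store = {u: unsalted_hash(p) for u, p in users.items()}
    recovered = audit_unsalted_store(unsalted_store.values(), table)

    # Scheme 2: salted slow hash. Same password, two users, two different records,
    # and the popular-password table is useless against either of them.
    salted_a = salted_hash("password")
    salted_b = salted_hash("password")
    table_hits_on_salted = sum(1 for s in (salted_a, salted_b) if s in table)

    return {
        "unsalted_recovered": len(recovered),
        "salted_records_differ": salted_a != salted_b,
        "salted_table_hits": table_hits_on_salted,
        "salted_verifies": verify_salted("password", salted_a),
        "salted_rejects_wrong": not verify_salted("Password", salted_a),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The audit function is the useful part for a defender: run it over an existing unsalted table with a list of common passwords and the number of hits tells you how many accounts are exposed before any migration to a salted, slow hash.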




Still, you can have your passwords very securely stored in bcrypt AND mail the plain text out when the account is created. If your email isn't secure that should really be dealt with, and separately.


No. E-mail is an unencrypted, unauthenticated protocol; how could sending out plain text passwords over a plain text protocol ever be a good idea?
