If mrb is right, it looks like they are storing it locally without encryption, which is indeed bad.
What I had written before seeing that:
======================================
Yes it is not. As a consequence, they are not mutually exclusive.
The title would be correct if it said, "Pandora stores encrypted passwords locally". Guess how much less interesting your post would be with that title? ;-)
They hash their passwords.
They encrypt their passwords.
I'd prefer they only did the former, but the fact that they do the former at all is NOT what most people commenting on this thread understand.
