when a dev with absolutely no knowledge of the systems or whatsoever, tells a client "sure, easy. we can get your password if you forget" and that client then comes to you and doesnt understand he has to use the recovery function because its encrypted using a slow oneway hash...

needless to say, that dev thought passwords were stored in cleartext..