Possible Duplicate:
What to do about websites that store plain text passwords
When using a system as it was designed to be used, and the system provides proof that it is storing and/or transmitting passwords in plain-text...
What are best practices in dealing with that system, and the owners of that system, while minimizing risk to yourself via the use of the system, or reporting of the related issues?