I didn't think of this before but today I just realised that in soke sites, pw recovery is possible if you know the answers to security questions like
What is your mother's maiden name?
In this case, should the answers to the security questions be hashed or not?