The Facebook example is interesting: As Facebook needs your Gmail password to log into Gmail on your behalf, it’s no use them storing just a hash of it - they must need (at some point) the plaintext at every login. Obviously the passwords should be encrypted in the database, but I wonder if there’s a smarter solution…?