I think the issue of password storage and security is also relatively difficult based on the fact that people want webmasters to be able to get their password for them.
I have a site where I stored all of the passwords encrypted (probably not correctly, but better than nothing). I kept getting calls from the clients that they had forgotten their password and wanted me to tell it to them.
I told them they would need to use the site’s forgot password functionality because the passwords were encrypted in the database. This always caused problems because they didn’t feel that I needed to go to such lengths to secure the password.
Eventually I won the argument of not storing the users' passwords in plain text by simply refusing to store them in plain text. To this day they still ask me for that change.