Re: Why are they even holding "passwords"?
Reading between the lines, and this is purely my interpretation of the details released...
The exposed passwords were the original ones from when the site was created, not necessarily live ones.
It's quite possible that there's an archive of sent email which includes the "your site is now live. Access it <here> Your username is <something> and password (which you should change immediately) is <something>"
Those emails shouldn't have been stored in full; potentially not at all. But it's very different to all live passwords being stored in plain text.
I still wouldn't touch GoDaddy with someone else's bargepole.