Could still be encrypted on the database but still be plain-text
A few years ago I was hired to do a security audit for a small community's cooperative day-care facility. They had a set of IP-cameras set up around the facility so parents can watch their children playing at the facility. There was also a live-chat system attached so parents could all coo in real-time when a child did something they thought was adorable.
The database stored pretty much everything encrypted on the database using some pretty decent encryption (Although it was using a symmetrical key). As I started digging through the login page, I found that the password checking page would reverse the encryption on the stored password to perform the string-checking. It did this in a fundamentally broken way. The first page you encountered was "EnterUserPass.php" which contained a username field, a password field and a submit button, which when pressed, would redirect you to "GetPassword.php?<Base64-encoded_username>&<Base64-Encoded_password_entered>". The GetPassword page would run a small bit of code to retrieve the encrypted password from the database and decrypt it, the redirect the user to "CheckPassword.php?<Base64_entered_username>&<Base64_entered_password>&<Base64_Unencrypted_password_from_db>"
The response I got from that mess was "Who would try and break into the website, its a small day care for a community, not a bank!", "Passwords encarded (sic) like that are secure, its not like any of our users are lute-hackers(sic) or anything, they're just suburban soccer-moms", and then "Even if they could see the password, it doesn't matter because they'd only see their own". I kept getting really naive answers like that whenever I'd point out how stupid it was. Especially in light of the fact that you could enter any username you want and see the password; and that login usernames were also the display names in the chat system and forums.
I spoke with the developer for their website since I figured I'd have more luck than the "IT Person" that was running things (They got the job because, of the parents, they knew how to install apps on an iPad, much more than anyone else could say about themselves). The developer was the kid of one of the parents who said they developed the website in pieces like that so that it'd be easier to maintain; the Base64 was used because "It's being protected by SSL, so don't worry brah". When asked about why he used reversible encryption on the passwords rather than a hash and a salt, he responded with "Hashes can have collisions, this way a hacker couldn't guess a password that collides and get in. What kind of idiot are you that you didn't know that?".
The server was an old home computer with a pre-made LAMP distro slapped on top with everything still default from the install disc (which was sitting right on top of it), except the stuff a tutorial told him to change. It was odd that receipt from Best Buy for it showed that it was a $6000 AlienWhore machine with Core-2 Quad in it and 16 GB of RAM, but while the server was in the stupid looking case, its guts were from a late-P3 Gateway branded machine. It must have been coincidence that the dev-kiddie had a Gateway machine on his desk with a P3 label but seemed to perform far better than any P3 I've ever seen...
AS for the Website itself, it was assembled from examples in a book on PHP, some pre-made forum software, a couple tutorials, and chunks of code ripped from Stack Overflow.
I was hired to look at the day-care's systems since a former employer of mine was moving into the area and wanted me to check the place he was planning to send his kid to (He got permission from them for my audit). He paid me for my report and I went along my merry way, glad to be away from such weapons-grade stupidity. And certainly glad I didn't live in that area. It was one of those planned-communities out in the suburbs built for upper-middle-class Yuppies who married some air-head trophy spouse and want to raise their kids "In a good neighborhood away from the city". The central part of the area only had a few businesses: A Wine store, an Italian-style Bistro / Wine bar, a Whole Foods, a designer goods shop, and a full-service gas station / luxury vehicle dealer.