The fact that "most folks" don't recognize the poor security isn't very relevant; it's still poor security. And supposing most people do use the same password for most or all websites they visit, that makes it even more important that sites don't store their passwords in cleartext or in a reversible manner.