They could have encrypted your password and decrypted it for that email. Still poor practices but there's nothing here to indicate what your title states.<p>The bottom of your article also suggests people use MD5 and salts, so clearly you aren't in a position to be criticizing anyone's password policy :)