Do not store our passwords as plain text.
I signed up and went to change my password. For reasons which I will file a separate bug for, directly after I had to click on the "Lost Password" link on the login page. I was very surprised to find that the email I received contained my password in plain text, meaning that you aren't running it through a one-way hashing algorithm. C'mon guys, this is Web101 stuff here.