Stop storing passwords as plain text!
Hash and salt passwords. Data OpSec 101.
Just subscribed to this mailing list (Mailman version 2.1.30rc1) and to my surprise, my password got sent back to me by email in plain text:
You must know your password to change your options (including changing
the password, itself) or to unsubscribe without confirmation. It is:
PWNED_N_DOXXED!
Yes. I know, just use a randomly-generated password for every site. But there's also the proper way of handling users' passwords.