
From: Rusty Tucker <Rusty_Tucker@spid
To: Daniel O'Leary
Subject: Re: bullets
Date: Tue, December 29, 1998 12:15 PM




I don't disagree with many of your points. They mainly point out that there are other areas to address with regard to security and user friendliness in recovering a forgotten password.

I don't think any of them change the fact that neither the administrator nor anyone with casual access to the server should be able to view user passwords.

The simple truth is that people generally use the same, or similar, passwords at all of the servers they log in to. Some people even use their ATM PIN numbers as a password. Clearly that is not a good thing. Mix that in with the ability to easily view the passwords, and you've potentially got a very bad thing.



Rusty Tucker
Spider Island


PS: Give me the password hint of 100 users, and it won't be long before we could discover most of the passwords.



