Actually it is the sites fault for not storing passwords as one way encrypted hashes. On my site I store all user passwords as twofish encrypted a hundred times by itself and the user name. No way you can get back the original password text from the hash even if I publish the user/password file. With the password file in hand you cant even log in to my site let alone other sites. I cant believe yahoo stored passwords in clear text.