I don't know how their back-end is written but my assumption is user logins never actually decrypt the password and check, they encrypt the user login attempt and compare with the encrypted stored value. If someone had obtained a copy of the site/db with the salt + public key, in theory users could log in and successful attempts could have their unencrypted passwords logged. Not saying it's the case but it is absolutely possible.

As a precaution, until I hear people claiming they can actually do something on the site aside from simply log in, I'm not going to provide my credentials yet. That said, this is quite exciting and I have more faith now than before that I'm finally going to get access to my coins soon!!!

Watching this thread closely now