Check his source, of, wait a minute, only bitcoin-central.net is open source and correctly stores passwords using bcrypt (yes, hashes and salts are good but bcrypt is much better 
)
)Hrm. Bcrypt, eh?
Oh, and BitcoinPouch.com is also open-source. I just haven't been plugging it much because I want to make sure it's well-tested and hardened before I expose it to the general public. Open source is good for that very reason. Plus it's nice to be able to fix, with your own hands, any security holes you notice instead of having to wait on someone else to do it.