They should not see your password. If they do they have shit security and are untrustfull.
Thats why its important to have separete passowrd for accounts that stores money.
Sometimes, in free time i do some airdrops. Login with mail and password on multiple sites and multimple shitexchange to utilize those coins not listed on major exchanges (alwais same mail and passowrd - those are shitaccount that does not store money). Once after registrating on new ICO mail from one exchange come in that someone just logged it. So ICO's by airdrops are collecting login and passowrd entered and use them on dozens exchange hoping to find matching one. Thats why i strongly suggerst to have seperate mail and seperate password for accounts that store money or are important for you.
We all have one goal for those exchange airdrops, arent we? Getting their free crypto, trading it for btc or eth or xrp or whatever, and then transferring them to binance or another major exchange lol
To answer your first question: No, that's not ethical at all. The way I understand encryption of user's passwords is that not even the admin can access your un-encrypted password. The admin can see your encrypted password in the database, and that's it. To answer your second question, I wouldn't deposit anything until I made sure what's going on with your password, account, and with the exchange in general. Be careful and stay safe.
Yeah agree. If this was happened at somewhere out of crypto world, i wouldnt be surprised. But seeing this for a crypto exchange is awful.