Security
Use salted multi-iteration hashing for passwords using one of the SHA-2 algorithms. Passwords in the existing SHA-1 format need to be automatically upgraded once the user logs in again.
So while doing some research last night, my partner found
http://codahale.com/how-to-safely-store-a-password/I think the article makes a valid point. What do you think, theymos? Maybe bcrypt(SHA-256(password)) if we want to be uber paranoid