First thing I had to do was see what password I used for reddit. Just to make sure it was not my "top secret" password. I have about 5 levels of passwords I use, depending on how I deem the level of protection I need. My lowest level passwords are known by perhaps other people than myself - but the higher ones are not. And the highest level password I use (e.g., the one that locks my laptop - without it, many of the other passwords are not as useful), I use on only a few trusted systems and never give it to anyone and have made it as strong as I could.
Anytime we give our password to a web site - we have no clue what they might do to it. When I heard about reddit - first thing I did was check what password I was using (the lowest level, I wasn't worried about a great threat, no credit cards or anything attached with that one). Now I'll have to find a new low level one, but at least I feel a minimal level of intrusion.
I've written about this myself from time to time (to time....). Let's face it, developers - unless you are writing some sort of password vault - you do not need to store the password for an application. And if you do, at least encrypt it - and when encrypting it do so with a key that is stored nowhere near the actual database (or use transparent data encryption in 10gR2) - to protect against theft like this. Do not even consider storing the key in the database, that would be "not smart".
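A sketch of what "do not store the password" can look like in practice, added here as an example and not taken from the original post: the table holds only a salt and a verifier, and the verifier is keyed with a secret that lives outside the database. It uses a salted PBKDF2 hash followed by a keyed HMAC instead of reversible encryption, which is this example's choice; the `APP_PW_PEPPER` variable, the `users` table, the function names and the round count are all assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ROUNDS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value; tune to your hardware)

def load_pepper():
    """Read the key from outside the database (APP_PW_PEPPER is a hypothetical name)."""
    value = os.environ.get("APP_PW_PEPPER")
    if not value:
        raise RuntimeError("APP_PW_PEPPER is not set")
    return bytes.fromhex(value)

def make_verifier(password, salt, pepper):
    # Slow salted hash, then a keyed HMAC: a stolen table alone cannot be
    # guessed against offline without the key that is held elsewhere.
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)
    return hmac.new(pepper, stretched, hashlib.sha256).digest()

def register(db, user, password, pepper):
    salt = os.urandom(16)  # fresh random salt per user
    db.execute("INSERT INTO users (name, salt, verifier) VALUES (?, ?, ?)",
               (user, salt, make_verifier(password, salt, pepper)))

def check_login(db, user, password, pepper):
    row = db.execute("SELECT salt, verifier FROM users WHERE name = ?", (user,)).fetchone()
    if row is None:
        # Do the same work for unknown users so timing does not reveal them.
        make_verifier(password, b"\x00" * 16, pepper)
        return False
    salt, stored = row
    return hmac.compare_digest(stored, make_verifier(password, salt, pepper))

def open_demo_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, verifier BLOB)")
    return db

if __name__ == "__main__":
    pepper = os.urandom(32)  # constructed for the demo; a real service would call load_pepper()
    db = open_demo_db()
    register(db, "alice", "constructed-sample-passphrase", pepper)
    print(check_login(db, "alice", "constructed-sample-passphrase", pepper))
    print(check_login(db, "alice", "wrong guess", pepper))
```
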