To me, it adds insult to injury when companies that fail to take the most basic, well-known measures to protect their login databases always tell us how much they value the security of user information.

That would only be acceptable if the next words were, "and therefore we have fired the CTO and all programmers involved".