This is from May, and 37signals just made a fairly large change to their authentication system (I think its called Launchpad). Their password recovery system now works differently than described in this post, so I doubt they're still storing them plaintext (thank goodness).
Yeah, it may work differently now, but I think the point still holds. I understand that engineering's all about tradeoffs and being practical with your time, but things like plaintext passwords are unacceptable (IMHO) in even the first cut of a production system, let alone an established one with a large userbase.
