I agree that it's my fault not having a unique password for Envato, I do have unique passwords for most important things, but to have unique weird passwords for everything is too much for me, especially since I'm switching computers all the time, it'd be quite a hassle each time. Especially since I log into a lot of less important sites with this password. If it was a salted and encrypted, I wouldn't bother changing them. But seriously, plaintext. It's the biggest cockup I can imagine. Some may argue, but you can also keep passwords on your phone or online, you're correct, but what if my pass phrase gets hacked to all my unique passwords? How do I know that these services are waterproof? It's not the most secure way of storing passwords either to be honest, but they don't have any other way. It has to be decryptable. In the end, nothing is waterproof.