Still many reputed websites stores their passwords in clear text... which is very frustrating. Here are my assumptions why it is like that
1. Developer(or one who designed it) has no knowledge in security.
2. Even if the developer has knowledge, adamant lead who doesn't have any knowledge in security won't allow the developer to change the code he has written.
3. If it is an existing application and business is running smoothly. Business guys won't allow to make any changes
