How the hell do you even think “it’s fine, I’ll put this password in plain text” when literally building an app for a CREDIT UNION? Obviously it’s not acceptable to do that anywhere, but you would think they would think just a little bit harder about the decision when working with such sensitive data?
I feel like every single year just gets worse than the last. Very possible it could be as simple as more widespread social media, but 2015 seemed much less scary.