
It's not obvious that they are storing them in plain text (they could easily be encrypting them), but what they aren't doing is using a one way hash.


That doesn't really make it any better. If someone gets their database, they almost certainly also have the key they hypothetically encrypted the passwords with.

If they'd used pbkdf/bcrypt or even better, scrypt, this would be a non-issue.


I'm curious - what makes scrypt superior to bcrypt?


Space-hardness is important against people throwing 10000 GPU cores at the problem. Bcrypt is more susceptible, as it was designed before the million-core world came about; scrypt will continue to thwart them due to its memory constraints.


In addition to being time-hard (like pbkdf2 and bcrypt), it is also space-hard.
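As an added illustration (not code from anyone in this thread), here is what "using a one way hash" with scrypt looks like in practice: a salted, self-describing password record plus constant-time verification, using Python's hashlib. The work factors N, r and p below are an assumed choice for the example; the memory estimate shows where the space-hardness comes from.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factors for this example: N (CPU/memory cost, a power of two),
# r (block size), p (parallelism). One guess needs roughly 128 * N * r * p bytes,
# which is what makes scrypt "space-hard" as well as time-hard.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
DKLEN = 32


def scrypt_memory_bytes(n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P):
    """Approximate RAM one scrypt evaluation needs: 128 * N * r * p bytes."""
    return 128 * n * r * p


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a record of the form scrypt$N$r$p$<salt hex>$<hash hex>."""
    if salt is None:
        salt = os.urandom(16)  # per-password random salt defeats precomputed tables
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
                            maxmem=2 * scrypt_memory_bytes(), dklen=DKLEN)
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     salt.hex(), digest.hex()])


def verify_password(password: str, record: str) -> bool:
    """Recompute with the parameters stored in the record; compare in constant time."""
    try:
        algo, n, r, p, salt_hex, hash_hex = record.split("$")
        n, r, p = int(n), int(r), int(p)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record, never a match
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                            maxmem=2 * scrypt_memory_bytes(n, r, p), dklen=len(expected))
    # hmac.compare_digest avoids leaking where the two digests first differ
    return hmac.compare_digest(digest, expected)
```

Because the parameters travel with the record, N can be raised for new passwords later while old records still verify.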


You are right, but I would rather they stored the passwords in cleartext than send them over e-mail to the users (because then the e-mail provider has a copy of the password)...

Being able to automatically reproduce them is almost equivalent to storing them in cleartext.


Not if we reuse the password, or, if you're important enough, a pattern they might recognize.



