For one thing, this type of problem would allow access to continue long after the broken code
is fixed, without the user knowing about it. Also, because of the way the password is stored,
it would easy allow offline cracking of passwords, and users tend to reuse the same password
on different sites.