Storing passwords

Ah, there is also the "registration password is hashed in the same way" part missing in my post. Once we've sent password to the server unencrypted, it's not sane to assume it have been stored securely even if we authenticate through digests.