Never trust a site that sends you your password when you forget it. There is no reason for a site to know your password. Sites should store password information as a hash.
Find five examples of situations where passwords have been stored incorrectly.