Curiously, after the site has been hacked, next day someone actually tried to log in to my (unrelated) hotmail account, which was using the same password as on this site, but didn't go through due to 2-stage verification. I don't know if the passwords were hashed and salted here before or not, but nevertheless it was an unnerving coincidence. Now with that 30 day password policy it sounds like this site is phishing for more passwords to be stolen, so I'm actually using unsecure and easy to remember passwords, exactly the opposite of what this policy is trying to achieve. The funny thing is, since there is no SSL, the passwords are transmitted unencrypted, making this policy even more useless than it actually is.

Please disable it.