Wednesday, 2 April 2008
Password storage
With all the hype about the amount of personal information people are allowing to be seen in their social bookmarking profiles, it got me thinking about password storage, particularly as I've been brushing up on secure password storage for a new project. At a minimum, your web application should be hashing the user's password and adding a salt before storing it in the database. When creating the 'Forgot your password' function I suddenly realised something: all those sites that email you your password when you forget it, instead of issuing a new one, are almost certainly not hashing your password very securely, if at all! You might want to think about that for a moment :)
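An added example, not code from the original post: a store that keeps only a per-user salt and hash, so the 'Forgot your password' path has nothing to email back and must issue a new password. The choice of PBKDF2-HMAC-SHA256, the iteration count, and the `UserStore` names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for PBKDF2-HMAC-SHA256


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is generated per password."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class UserStore:
    """In-memory stand-in for the users table (hypothetical, for this example)."""

    def __init__(self):
        self._rows = {}  # username -> (salt, digest); there is no plaintext column

    def register(self, username, password):
        self._rows[username] = hash_password(password)

    def login(self, username, password):
        row = self._rows.get(username)
        return row is not None and verify_password(password, *row)

    def forgot_password(self, username):
        """Issue a new random password; the old one cannot be read back."""
        if username not in self._rows:
            return None
        new_password = secrets.token_urlsafe(12)
        self._rows[username] = hash_password(new_password)
        return new_password  # this, not the old password, is what gets emailed


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse")  # constructed sample credentials
    issued = store.forgot_password("alice")
    print(store.login("alice", "correct horse"), store.login("alice", issued))
```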




1 comments:
Interesting to know.