I once worked at a company where one Active Directory server was storing all passwords in plain text. Just think of the havoc someone could do with a dump of that.