Forum OpenACS Development: Re: Can question/secret answer be removed from password recovery?
Note that if someone can extract a plain text password from your database, you have pretty much lost it, haven't you? I'm not saying that it should be done, but it isn't the same thing as a /etc/passwd file where every local user can read the file.
I can never remember the answer to a question I choose. Capitalization matters as well. Bottom line is that this is a difficult problem with no obvious 'easy' solution.