The encrypted password protects against: Someone stealing a bunch of
passwords and then having access to the site without the real user
every knowing anything happened. And from the site maintainers
misusing the password, as Malte pointed out.
Remember people make exports and backups of their database, leave
these lying around on various computers, and often probably don't
consider the security of that backup nearly as important as the
security of their live system. So, an attacker may not have access to
the live system at all. If your passwords are stored in the clear, he
may have just read all of them from an export of your database.
