
A website employee should only be able to reset the password at most if the password is properly salted or hashed. Storing passwords in plaintext or not hashing them had to be done. It's insecure to just encrypt the password and rather not hash it.

I'm waiting for NewEgg to pull a Gawker now. ;)


