
Even if there is 2-way encryption involved, I don't find that an acceptable means of password storage. If the original password is retrievable by anything other than painful (hopefully infeasible) brute-force means, it's bad.


I agree. Up above it was pointed out that it's bad because a) people use the same passwords across sites, and b) by not allowing peeking at a password, bad employees are forced to use mechanisms that are more likely to create audit trails, like mechanisms that change a password in the database.
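An added illustration of the two points made in the comments above, not code from either commenter: passwords are stored with a salted one-way function (scrypt, an assumed choice) so nobody can read them back, and the only staff path is a reset that changes the record and writes an audit entry. `USERS`, `AUDIT_LOG` and every name and value below are constructed for the example.

```python
import hashlib
import hmac
import os
import time

# Constructed in-memory stand-ins for a users table and an audit log.
USERS = {}
AUDIT_LOG = []

# scrypt cost parameters (assumed values; about 16 MiB of memory per hash).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def _digest(password, salt):
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)


def set_password(username, password):
    # Only the salt and the one-way digest are kept; the password is not.
    salt = os.urandom(16)
    USERS[username] = (salt, _digest(password, salt))


def verify(username, password):
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _digest(password, salt))


def admin_reset(actor, username, new_password):
    # Staff cannot peek at a password; they can only replace it, and the
    # replacement is recorded with who did it and when.
    set_password(username, new_password)
    AUDIT_LOG.append({"ts": time.time(), "actor": actor,
                      "action": "password_reset", "target": username})


def demo():
    original = "correct horse battery staple"   # constructed sample password
    set_password("alice", original)
    salt, stored = USERS["alice"]
    admin_reset("employee42", "alice", "temp-Reset-1")
    return {
        "plaintext_in_record": original.encode() in salt + stored,
        "old_password_works": verify("alice", original),
        "new_password_works": verify("alice", "temp-Reset-1"),
        "audit_entries": len(AUDIT_LOG),
    }


if __name__ == "__main__":
    print(demo())
```

After the reset the account owner's old password stops working, so the change is visible to them as well as in the log.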



