I wouldn't have a real problem with a password encrypted reversibly via salted/IV'd RSA public key, with a well-protected, generally offline private key for recovery in the event of some bizarre necessity. Provided there were some legitimate reason to reverse it... Still all the other benefits of a one-way hash, eh?