Digging a little I found that the company has a 'feature' that allows the user to retrieve the password of the account. All you have to supply is the users email address and you get sent your password. Now if you happen to have taken over a persons email, even for five minutes, for example, you could get their password from this site and chances are they use that same password in loads of different websites too.
But this also means that anyone working in the company will be able to look up the password as well.
Should not happen
I'm not going to name, but will contact the company. They should have a system with encrypted passwords and a reset password option not retrieval...