I have noticed that the Sitefinity Membership provider is storing the password answer in plain text. IMHO that is just like storing the password itself in plain text. Can this somehow be changed? I don't want to go through the hassle of creating my own membership provider.
I think no one should know the password besides the user, and that goes for the password answer as well. I am not a security expert, but in every ASP.NET tutorial for writing membership providers the answer is encrypted/hashed as well.
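An added example, not part of the original post and not Sitefinity code: one way a membership provider could store a salted PBKDF2 hash of the password answer instead of the plain text. The class name `AnswerHasher`, the iteration count and the `salt:hash` storage format are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper; names and parameters are assumptions, not a Sitefinity API.
public static class AnswerHasher
{
    private const int SaltSize = 16;        // bytes of random salt per answer
    private const int HashSize = 32;        // bytes of derived output
    private const int Iterations = 100000;  // assumed work factor; tune for your hardware

    // Users retype answers with varying case and spacing, so normalize before hashing.
    private static byte[] Normalize(string answer)
    {
        string s = answer.Trim().ToUpperInvariant().Normalize(NormalizationForm.FormKC);
        return Encoding.UTF8.GetBytes(s);
    }

    private static byte[] Derive(string answer, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(Normalize(answer), salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashSize);
    }

    // Returns "salt:hash" (Base64), the value to store in place of the plain-text answer.
    public static string Hash(string answer)
    {
        byte[] salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(Derive(answer, salt));
    }

    public static bool Verify(string answer, string stored)
    {
        string[] parts = stored.Split(':');
        if (parts.Length != 2) return false;
        byte[] expected = Convert.FromBase64String(parts[1]);
        byte[] actual = Derive(answer, Convert.FromBase64String(parts[0]));
        // Compare without an early exit so timing does not reveal how many bytes matched.
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    public static void Main()
    {
        string stored = Hash("  Fluffy ");                 // constructed sample answer
        Console.WriteLine(Verify("fluffy", stored));       // same answer, different case/spacing
        Console.WriteLine(Verify("rex", stored));          // wrong answer
    }
}
```

Security answers are usually low-entropy, so a slow salted hash limits offline guessing after a database leak but does not make weak answers strong.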