How securely do they store user passwords & how good are they at letting us know?
Full algorithm: AES-256-CBC(bcrypt(password))
A slow hashing function is used but such info is "invisible", hidden in a blog post or a talk, or on social media.
Recommended change: Publish storage and hashing info details visibly (e.g. in the docs or FAQ), then let me know.