How securely do they store user passwords & how good are they at letting us know?
Params: salt=30 chars
Full algorithm: Salted SHA-256(MD5(password))
Inappropriate function used to hash passwords but passwords are salted, at least.
Recommended change: Start using “slow” hashes, don't forget to re-hash existing passwords, publish hashing info visibly, then let me know.