You would think all the high-profile hacks earlier this year would have made that particular no-no a NO-NO, especially following the negative publicity and public spanking administered to Sony for storing passwords unencrypted (and protecting them badly from even common SQL injection attacks).
Similar, well-deserved smears for the same thing embarrassed Newegg, hurt the reputations of the leading mobile OS developers by revealing secure data stored as plain text in Android , several iPhone apps, not to mention core parts of both operating systems that collect and store location, usage and other data also in plain text.
So far there's been no response from FON, though there's a long discussion on HackerNews that jumped almost immediately from how insecure plain text is to the ethics of not protecting end-users' private information.
Legierski recommended any FON users change their passwords as quickly as possible.
I'd say, considering how common this particular bit of scandalous behavior apparently is, that you check how securely passwords are stored on some of the other services both you and the users you support log in to.
Users tend to be consistent in the passwords they use, so one cracked account can mean a whole chain of cracked and exploited logins.
That chain that can reach right across from personal or social-networking sites right into the servers they use for work.