Obviously you bring up a lot of good points. Sites should use hash, or one way encryption, to store your passwords. Sites should send you new, randomly generated passwords, sites should do a lot of things, actually, but we have little control over them (aside from letter writing).

Here are a few things YOU can do:
1) dont lose your password.
2) Dont use the same password twice.
3) if a site ever emails you your password. Change it immediately. AND, if you do use that password in more then one place, change it wherever you used it.