Soldato
Nonsense, that blog is one massive masturbatory hyperbole ridden scaremongering sack of rubbish - and then people like you come along and condense it into a sentence and misrepresent it even further.
So they store their passwords and they're just encrypted, big deal. It's a password for a supermarket it's not that important. If you're using the same password for anything else then it's not Tesco that are the weakest link, and if they do send you out a password reminder of your unencrypted password and by some chance someone can get access.. I can't see a way to easily monetise that given to spend any money with them you'd need the 3 digit security number, verified by visa or mastercard securecode.
There's far too much financial/password scaremongering goes on and irresponsible Hunts like Troy invariably have a vested interest in security hysteria.
When people do crime on the internet the weakest point in the chain is always the customer, and it's always the customer that gives their login details out.