People seem to mis-understand what level of security SSL encryption offers. You can make a web form that collects user data and have this sitting behind SSL. Let's say one of the fields on the form is your password. The SSL cert will help protect that as it's posted from the form to the server. However what happens to it once it reaches the server (e.g. in terms of storing it to a database) is a completely different matter. Just because the site uses SSL does not mean anything in relation to the encryption used when storing/processing that data beyond the initial post.