Unencrypted passwords in user profiles
I remember when my community college (step below a state university) switched from a punched-card machine to a Data General (MV?) box (remember them?) in the mid-80s. I was learning FORTRAN on it. We could still get packs of punch cards with the college logo in the vending machines.
It was running some flavor of DG/UX. I was messing around and discovered where my "user profile" was stored, so I looked at it with a hexdump. And the first part of the file was my unencrypted password. Seriously.
Yeah... when I mentioned that to people, it went to hell in a handbasket pretty quick.
Edit: now that I think about it, this must have been something locally written, not part of DG/UX. DG was smarter than that.