Yes, but you want it to be YOU that are worrying about it, not every one of your users! Yes, capitals and an exclamation point - I must really mean it.
If someone gains access to your db, what do you want them to find - A: a users table with an email column and a plain text password column or B: a users table with an email column and a salted hash of gobblygook (please pardon my use of such heavy techno-jargon) instead of plain text password?
I'd choose option B - email addresses just aren't as valuable as email addresses and their associated passwords.
If someone gains access to your db, what do you want them to find - A: a users table with an email column and a plain text password column or B: a users table with an email column and a salted hash of gobblygook (please pardon my use of such heavy techno-jargon) instead of plain text password?
I'd choose option B - email addresses just aren't as valuable as email addresses and their associated passwords.