Best practice is to store passwords as hashed (or digested) values; that way, nobody can get at them.
More generally, security is a multi-faceted process that needs to be considered in each part of the system; if you're asking how to make a system more secure in general, then the SecurityFaq points to many areas you may want to address.
Ping & DNS - updated with new look and Ping home screen widget
Make encryption a one-way process. In other words, users enter passwords that get converted to encrypted values that *NEVER* get decrypted. This means that to verify login you compare the stored value against the encrypted value the user enters. This also means you never display or send the password to a user (which is actually a feature of this model, not a bug). If someone wants to log in as a user without knowing the password, the user's password has to be reset.