I've been doing IT security for 6 years and, despite really being against government butting into private affairs, I think things like this should be illegal. Companies should be obligated to warn you that their employees can see your password when you enter it. Just a notice to the customer that the information they're giving is not stored encrypted is all I ask.

Then the flippant response from the dev about how "the game's in early access, we don't care about things like security at this stage" is just horrific. They're handling money and passwords and don't care about security! No, you didn't need to care about security prior to going online. Once you start allowing customers to create accounts, your security should already be in place. It's way more expensive to add the security later than it is to just start with it, not to mention everything that's exposed in the mean time.

Yeah, rather poor account security. Here's a ss of the 'recovery' email I'd gotten from em (Though, ofc, I have removed my UN and pass from it.)

http://i.imgur.com/C9U2Rdq.png

They don't even bother with a confirmation email first. They just send out the UN and pass, with nothing - not even a basic security question - to confirm it. (Not that it'd be much better since the pass would still be sent plain, but still... It'd be something to show that they cared just a tiny bit about account security.)