Privacy and The Database
Passwords are irreversibly "hashed" by the browser into a 128-character-long randomized string before being sent to the website. Upon receipt by the website they are hashed a second time - "salted" - before being stored in the database.
Although sent from the browser to the website unhashed, they are immediately discarded after use; and as with Passwords, are also "Hashed and Salted" before being stored in the database.
The following is from @Chris's actual database record (Username, Password, and Email)
'Chris', '63da5891d8c31a2d873926d809bcdf586b45417e79743c12a2e8885118d4c3835235b99d9786c3ed9aded83fb5c68cc4634664f7533910606b4654bc7a90cbf4', 'd9de6bede893e9608aaf3de6fafb1028c89e7069985d21182658258146d3fe604089cefdae29267fc88a41490e84d8ff13802a3bdbe85843bcb4f1a9fce70d2e', '0099d8a4b394d5efebecc890c4a95c6d1cc094a316f8e8ae2c8dc09d55d91d280a6d7f5689260bddeeb5c9acdfdc400d0e5b252eddf38dff4eea60cbe4fc017e', '059daea5d9fedde00d96756f003681697dc15003556ebc5afab04a5512d4840c369f744b629acd623d0da91a429a64b446e2fac8370307c19c03ec69ce2ca899'
Needless to say?
Email addresses are never shared or used to spam: they can't be.
But lose both your password and email address, and you've locked yourself out!