The passwords are likely encrypted with a salt so would be very hard to reverse.
Sort of. Passwords should be hashed, not encrypted. Encryption is reversible and would require an encryption key that has to get stored as well on the server. If somebody obtains access to the encrypted passwords and the key, obtaining the actual passwords is straightforward.
Luckily, this is not the case here. The first two lines of the dump say:
UserID,Username,Email,Password
1,jed,jed@thefarwilds.com,$1$E1xAsgR1$vPt0d/L3f81Ys3SxJ7rIh/
"$1" means that the MD5 hash of the user's password salted with "E1xAsgR1" is "vPt0d/L3f81Ys3SxJ7rIh/". As long as somebody is using a strong enough password, MD5 works reasonably well for this purpose, i.e., it isn't possible to obtain the password from the salted hash.
However, MD5's speed makes brute-force attacks on weak passwords considerably less expensive than deliberately slow functions like bcrypt, scrypt of simply thousands of iterations of SHA-512. Even my OS uses the latter by default. I'd expect the same fro a service handling my money...
Bottom line: Don't use weak passwords! Never, ever,
reuse a password!
