I wonder what kind of salting and hashing are they using... 3 hashes for each password, or no salting/hashing at all and they just see your facebook password in plain text, and consequently, for at least 50% of users, all of their other passwords?
Most big sites use either bcrypt or PBKDF2 for password hashing. The latter because it's standards-based, the former because it's designed to be difficult to implement in hardware and thus slow to crack.