While not ideal, if that's during registration and the password wasn't supplied by the user, it doesn't necessarily mean that they're storing it in cleartext. In this particular case, though, the relevant data appears to be stored in the form of MD5 hashes, which isn't much better.
I'm not sure that's a fair assessment. Most NamePros members probably still neglect to use unique passwords even after all our warnings. I really don't think anyone at Epik thought this was possible; they probably just didn't know better, and I strongly doubt other registrars are much better.
That's not to excuse their lack of security or suggest that ignorance is a valid defense, but I really don't think it's fair to say that they don't care about their customers' safety.
It's possible but unlikely. Everything can be hacked, and NamePros is no exception, but we invest an awful lot in security. Every company should assume that they can get hacked and should be prepared for that eventuality. Any company claiming to be invulnerable either lying or delusional--and probably has terrible security.
A healthy approach to security requires anticipating and planning for the worst, even when attacks are successfully thwarted. These are conversations we have on a regular basis at NamePros, and I would strongly encourage other companies to do the same. It keeps us on our toes. If we had a "days since Paul last pointed out internally that all companies get hacked and we should plan for that eventuality" counter, it would be at 8.