Hi scrab,

I think that this is a website's choice. In general, payment websites are based on a database to store information like usernames/passwords etc.. There is a choice for this info to be stored encrypted but it can also be stored unencrypted/plain text. I think that's a bad practice to store passwords in plain text, but it's your website's choice.
What I suggest is: Don't use your favorite password!

Moreover, you can contact them and explain your concerns!

Edit: This post is technically incorrect, as explained in the following post. But you still want to set a Master Password.

If you have Firefox remember passwords, they are NOT stored in a secure encrypted format UNLESS you apply a master password. I'm not sure there is a good warning about that. To learn more about master passwords, see this article: Use a Primary Password to protect stored logins and passwords.

They stored encrypted in signons.sqlite even if you do not use a MP, but having access to the key3.db file is sufficient to decrypt them and the Password Manager will also show them if you copy the two files to another profile folder or computer.

The names and passwords stored in signons.sqlite are encrypted with a Triple DES key (CBC mode) that is stored in key3.db and a master password adds an additional level to this encryption.
If you do not use a master password then having access to key3.db and signons.sqlite is sufficient to have access to the encrypted names and passwords by placing the two files in a Firefox profile folder.
Always use a strong master password (e.g at least 12 characters) that can't be easily guessed or found via a dictionary look up or a script and you should be safe.
Make sure that you remember that master password or else all your passwords are lost.
You always need the matching file key3.db that was used to create a signons.sqlite file to make it possible to decrypt signons.sqlite.