For a site that handles financial transactions, he really should've invested in better measures. Currently it sounds like a Scammers' goldmine.
There isn't much anyone can get from hacking FurBuy since it doesn't handle the actual financial transactions, most information is public, and it'd be hard to game the bidding system, even with internal access. The site's most valuable asset is probably users' passwords, especially if users use the same passwords on other sites, and a username/password dump would cause everyone to flee to The Dealers Den. There's risk on both sides that FurBuy needs to address, especially now that people know that unhashed passwords exist.
Of course, encrypting passwords is only needed if the site is hacked. It'd be better if @FurBuy explained the actual risks involved rather than saying everything's 100% safe, which is never the case. I wish I saved @FurBuy's tweets, because it's obvious from the words they used that @FurBuy is unfamiliar with cryptography, touting encrypting both passwords and the entire database with "two-way" "1024-bit encryption". I don't even. Actually in their defense, it's possible to implement a secure-ish reset system like they have with public key algorithms, but I've never even heard of anyone discussing it, and it's easier to just follow standard practice, and it appears that @FurBuy doesn't have the expertise anyway. I'd even give a large, non-zero probability that the passwords are not encrypted at all.
Coding is work...
And profit margins for websites in the fandom are small to negligible, which is why they're run by people who accept ego stroking as payment while all the professionals ignore the fiasco. It could be much better, but that's a story for another time...
Simple search: Copy and Paste, job done and profit.
I highly recommend
https://crackstation.net/hashing-security.htm instead. "There are a lot of conflicting ideas and misconceptions on how to do password hashing properly, probably due to the abundance of misinformation on the web. Password hashing is one of those things that's so simple, but yet so many people get wrong." Specifically, that link uses unsalted MD5 hashes, which are more easily crackable than other methods. (Rainbow tables exist to quickly crack any 8-character MD5-hashed password.)