On DoneCal all passwords for registered users are stored encrypted. It's a one way encryption meaning that once encrypted it's not possible to get it back into clear text. So, if our database was hacked it would not be possible to figure out what your password was before it was encrypted.
What hackers can do is instead something called "brute force attack" which means they try every single letter combination until something works. On DoneCal that's not possible because DoneCal encrypts its passwords with bcrypt. It's the most secure encryption possible for passwords because due to the nature of its encryption it's not possible to check any faster even if you have a supercomputer.
You can read more about bcrypt and what Coda Hale has to say on it on: How To Safely Store A Password