Passwords are encrypted with scrypt. Emails are not stored, only a hash is. If you need to recover your account for any reason (password reset) you must supply the same email used on signup, if the hash matches the backend will happily send a reset token.
This is pretty clever. Is this the default setup from installing one of the pre-built binaries?