In the early '90s, a dial-up BBS I frequently visited stored passwords in plaintext. The sysop read my pass phrase and banned me for it.


As far as I know, they ALL stored the password as plaintext. I ran VBBS and then Iniquity, and those stored the password as plaintext and visible to the sysop.

I also suspect WIIV and Tele(can't remember the last part of the name) stored them as plaintext, but I didn't evaluate those as closely.

I once caught someone calling into my BBS as another user, so I implemented a pseudo 2-factor authentication system that asked for some other details from the profile. I also added a script that made my co-sysops enter a whacky 2nd password in case someone used a vulnerability to download other users' passwords.


I remember in the 2010s when several popular forums swore that they never stored plain-text passwords, but then sent out emails to their users once they were hacked that their passwords had likely been compromised.


I mean, if they didn't salt the hashes on a per-user basis, with even 2010s hardware it would be fairly easy to compute the hash of every password below a certain complexity and associate them with emails to get a set of login credentials.
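The asymmetry this comment describes can be shown directly: with an unsalted hash one precomputed table serves every user in the dump, while a per-user salt forces the work to be redone per user. The following is an added example, not code from the thread; the user records, the "common passwords" wordlist and the use of plain SHA-256 are all constructed here to mirror the kind of storage the comment refers to.

```python
import hashlib
import secrets

# Constructed sample data, not from any real breach: what a forum database
# holds before hashing. Note that two users chose the same password.
SAMPLE_USERS = {
    "alice@example.com": "password123",
    "bob@example.com": "letmein",
    "carol@example.com": "password123",   # same password as alice
    "dave@example.com": "T7#vq9!Lw2zR",   # not in the wordlist below
}

# Constructed wordlist of low-complexity candidates, hashed once up front.
COMMON_PASSWORDS = ["123456", "password", "password123", "letmein", "qwerty"]


def hash_unsalted(password: str) -> str:
    """Plain SHA-256 with no salt, the scheme many 2000s/2010s forums used."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password: str, salt: bytes) -> str:
    """SHA-256 over a per-user random salt plus the password."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_unsalted_dump(users: dict) -> dict:
    """email -> digest, as an unsalted credential table would be stored."""
    return {email: hash_unsalted(pw) for email, pw in users.items()}


def build_salted_dump(users: dict, salt_len: int = 16) -> dict:
    """email -> (salt_hex, digest); the salt is stored next to the digest."""
    dump = {}
    for email, pw in users.items():
        salt = secrets.token_bytes(salt_len)
        dump[email] = (salt.hex(), hash_salted(pw, salt))
    return dump


def precompute_table(wordlist: list) -> dict:
    """One hash per candidate, computed once and reused for every user."""
    return {hash_unsalted(pw): pw for pw in wordlist}


def exposure_unsalted(dump: dict, table: dict) -> dict:
    """Users whose unsalted digest appears in the precomputed table.

    Cost is one dictionary lookup per user, independent of wordlist size,
    which is why an unsalted dump plus e-mail addresses yields credentials
    so cheaply.
    """
    return {email: table[h] for email, h in dump.items() if h in table}


def exposure_salted(dump: dict, wordlist: list) -> tuple:
    """Same check against a salted dump, returning (hits, hashes_computed).

    The precomputed table is useless here: every candidate must be re-hashed
    with each user's own salt, so work scales with users x candidates. A slow
    KDF (e.g. hashlib.pbkdf2_hmac or hashlib.scrypt) would multiply the cost
    of every one of those hashes further.
    """
    hits, work = {}, 0
    for email, (salt_hex, digest) in dump.items():
        salt = bytes.fromhex(salt_hex)
        for pw in wordlist:
            work += 1
            if hash_salted(pw, salt) == digest:
                hits[email] = pw
                break
    return hits, work


def shared_password_groups(unsalted_dump: dict) -> list:
    """Unsalted storage also reveals which users share a password, with no
    cracking at all: equal passwords give equal digests."""
    groups = {}
    for email, h in unsalted_dump.items():
        groups.setdefault(h, []).append(email)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    table = precompute_table(COMMON_PASSWORDS)
    unsalted = build_unsalted_dump(SAMPLE_USERS)
    print("unsalted hits:", exposure_unsalted(unsalted, table))
    print("shared passwords:", shared_password_groups(unsalted))
    salted = build_salted_dump(SAMPLE_USERS)
    hits, work = exposure_salted(salted, COMMON_PASSWORDS)
    print("salted hits:", hits, "after", work, "hashes")
```

Running it shows the same three weak accounts found either way, but the unsalted dump gives them up with one lookup each and the precomputed table never matches a salted digest; per-user salting does not rescue a weak password, it only removes the shared, amortised cost that made whole-dump recovery cheap.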
