Even stipulating perfectly correct use of encryption libraries to encrypt passwords (which is, in practice, an enormous stipulation on its own), there is a significant correlation between having enough access to obtain encrypted passwords, and having enough access to obtain the decryption keys and routines. Yes, there are breaks where the hacker can only get one or the other, but that's such a tenuous "security measure" that it's hardly worthy of the term.