It's amazing how many websites completely drop the ball on security. There are some pretty trivial security measures that just can't be overlooked. Among the most important are SSL and password hashing.
SSL is the technology that, when used, encrypts the data sent to/from your computer to a remote computer. The best example of this is when you type your login credentials into a website. Your browser sends your username and password to whatever website you're logging into. Without SSL this information is transmitted in plain text, and can be intercepted and sold/reused/etc.
Password hashing is a technique of storing data that drastically reduces the likelihood of it being compromised. The basic idea is that a special function, called a hash function, is used to transform sensitive data to meaningless data. The hash function is special in that unique input produces unique output, and that it only works in one direction (there is no way to ‘unhash’). When hash functions are used on passwords a website no longer needs to store your password. Instead they store the hash of your password. Any time you log in, they hash the password you provide and compare it with the stored hash. If they match, you're logged in. If not, you entered the wrong password. When the website's data is compromised (this happens all the time), there is no way for someone to obtain a user's password. The fact of the matter is no one, not even the website you log into, really knows what your password is.
Now this is obviously important for things like your bank account, but what a lot of people don’t realize is that if you use the same password for multiple websites your information is only as secure as the least secure website. In other words imagine you use the same password for your bank's website as you do for another less secure website. It is fairly trivial for someone to maliciously obtain your credentials for the less secure website and use them to gain access to your bank account.
This raises the question of how do you know when a website is hashing passwords and using SSL. It's usually pretty obvious when you using a website with SSL. The browser will display a padlock by the URL or at the bottom of the window. Sometimes the URL box even turns green. However, there are scenarios where you may be using SSL and not know it. With password hashing it's a little trickier. One sure fire test is to click on the "forgot my password" link and follow the steps until you eventually get an email. If that email contains your password in plain text, that website is not hashing passwords. Best case scenario they are encrypting them. Worst case scenario they are storing them in plain text. Usually once a website fails this test my time as a user of that site is short lived.