I've learned web development over the past year. I can throw together a reasonable looking site, sell a reasonable product and obtain the most highly sensitive information from my customers in the process: their email and a password to my site, which, for probably about 50% of the population, is the same password for their email account and most other sites they visit.
One would hope you're storing the passwords as salted hashes (preferably bcrypt) so that passwords won't get leaked no matter how bad you are at database security.
One would hope so. But many websites that keep personal data aren't very secure. Personal information is stolen online pretty often, and it often seems in hindsight that their information security was embarrassingly slack.
If you're a heavy internet user, your information is almost certainly stored in a database sitting on a machine running Windows XP. There can be several security patches in a month, and sys admins can be slow to install them. Are you OK with that?
I would change your "many" to "almost all". Very few websites, even sites that really should know much better (like Newegg or Gawker, both catering to technical audiences), actually implement things in a known safe manner. Many just do plaintext (like Newegg) and many an archaic and/or useless obfuscation mechanism (like Gawker's use of DES).
You should always act defensively when relying on any third-party. Very few are trustworthy. Use a reliable password management system for your passwords (like KeePass or mailing GPG-crypted passwords to yourself) and generate a unique pass for each site. Use a unique mail if you can. If you're storing any data on there, make sure it is encrypted and triple encrypted.
And I have no training in database security.
Yeee haaaaw!