Thanks so much for the reply. What we do is that our production sql server makes a nightly backup of the production database to another server.
This 2nd server is where we run reports and queries from so as not to impact production performance. To access this server, there is an Active Directory user group that authenticates people into SQL server 2005.
Within this copy of the production database, is the tblUser with first name, last name, accountID, password, email address, etc. So there's only a handful of people who can access this server, and that is controlled, but these people have sql server installed on their own PC's, so they make local copies of the database, including tblUser. From here I lose control of who can access what.
This is where I was concerned with the passwords being exposed. If someone had the table, can they reverse the passwords to expose them, etc.