OT: Worthwhile *security-competent* web host?

[Nick Sabalausky]

Anyone know of a reliable, reasonably-priced web host that...and here's the 
key part...actually understands even the most basic security concepts?

It seems like every place out there has an IT/support department that is 
absolutely convinced of one or more of the following:

1. Unencrypted emails are secure.

2. PGP *signing* an email encrypts the entire message.

3. It is somehow possible to email users their passwords without the 
password ever being stored in either plaintext or in a reversible form (not 
counting, of course, the process that actually sets the password in the 
first place).

4. Secure access to the control panel isn't important.

5. If all of the navigation links and redirects inside of the HTTPS secure 
version of the control panel (including the URL that the login form submits 
to) all point directly to the insecure HTTP version, this somehow doesn't 
defeat the whole point of having secure control panel access.

6. Some other such silliness.