The answer is yes if keeping passwords in plain text is considered secure. The obvious answer is NO. No, Facebook has failed you once again. They have kept your passwords for as far back as 2012 in plain text on a server that could be accessed by close to 9,000 of their employees.
Pedro Canahuati, Facebook’s VP Engineering, Security and Privacy declared the mea culpa for Facebook after Brian Krebs from krebsonsecurity reported the incident. In a public announcement on the Facebook Newsroom blog, Facebook declares:
As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems. This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.
The continue to claim that these passwords were never visible to anyone outside of Facebook, but who knows?
Update: I would say for now, go ahead and follow the instructions kindly provided by Wired in their announcement of the incident: whether you get a password notification from Facebook or not, you might as well go ahead and change it as a precaution.
To do so on Facebook desktop, go to Settings → Security and Login → Change Password. On Facebook for iOS and Android, go to Settings & Privacy → Settings → Security and Login → Change Password. On Facebook Lite for Android, go to Settings → Security and Login → Change Password. Changing your account password on either main Facebook or Facebook Lite changes it for both.
On Instagram, go to Settings → Privacy and Security → Password to change your password. Instagram and Facebook do not use the same password, but can be linked to log into one with the other.
And if you do not have a password manager, you have got to get one right now. Check out 1Password or LastPass for starters.