To answer your other question, about the two types of passwords stored in the database:
Up until version 2.5, WordPress stored passwords encrypted with the MD5 hashing algorhythm. MD5 is nowadays considered to be poor security – with moderately-priced off-the-shelf GPUs, it takes less than a hour for a program to brute-force all possible combinations of MD5-encrypted passwords up to 6 characters.
Since version 2.5, WordPress encrypts passwords with phpass, a function based on the SHA1 algorhythm, which is better in terms of security (though still not the most advanced algorhythm out there). The ‘check_password’ filter exists so that plugins can replace the native SHA1-based password hashing with still more secure algorhythms.
The differing passwords you’re seeing are most likely the difference between old users who still have MD5 passwords in the system and newer users with the SHA1 passwords. The SHA password hashes begin with “$P$B”. If those users log in to the system with their old passwords, WP will update the stored password hash with one using the current algorhythm.