FlyerTalk Forums - View Single Post - DL.dumb "security enhancement"
May 4, 2015 | 6:05 pm
  #9  
quasihumanist
 
Join Date: Jun 2011
Posts: 93
Back when Worldperks was merged into Skymiles, I was a little bit annoyed that I could use the same password rather than being issued a new one.

Having the same password means either:

1) Worldperks (and/or Skymiles) actually stored my password, unencrypted, so the Skymiles system actually could know what my password is.

(For those of you who don't know anything about security: normally all that is stored is an encrypted version of your password. When you log in, the system encrypts what you type and compares the encrypted versions to check they are the same. This means someone who steals the password database still doesn't know anyone's password; they just know the encrypted version, and the encryption is done using some method for which decryption is essentially impossible (other than by trying every possible password).)

2) The two systems used exactly the same encryption method (rather unlikely).

3) They continue to use two password databases, presumably to this day, because I don't think they ever forced everyone to change passwords.

I'm guessing that, unfortunately, it's (1).
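An added example, not part of the original post and not either airline's actual code: the compare-without-decrypting login check the post describes, implemented with salted one-way hashes, plus one way two password databases can be merged so that nobody is issued a new password and neither system ever holds plaintext. The scheme names, record layout and iteration counts are hypothetical.

```python
import hashlib
import hmac
import os

def _pbkdf2(password, salt, rounds):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

# Hypothetical scheme tags: one per pre-merger system, plus the merged system's.
SCHEMES = {
    "legacy_a": lambda pw, salt: hashlib.sha256(salt + pw.encode()).digest(),
    "legacy_b": lambda pw, salt: _pbkdf2(pw, salt, 1_000),
    "current": lambda pw, salt: _pbkdf2(pw, salt, 100_000),
}

def make_record(password, scheme="current"):
    """Store only the scheme tag, a random salt, and the one-way hash."""
    salt = os.urandom(16)
    return {"scheme": scheme, "salt": salt, "hash": SCHEMES[scheme](password, salt)}

def merge(db_a, db_b):
    """Copy both systems' records unchanged; no password is recovered."""
    merged = dict(db_a)
    merged.update(db_b)
    return merged

def login(db, user, password):
    """Re-hash what was typed under the record's own scheme and compare."""
    rec = db.get(user)
    if rec is None:
        return False
    candidate = SCHEMES[rec["scheme"]](password, rec["salt"])
    if not hmac.compare_digest(candidate, rec["hash"]):
        return False
    if rec["scheme"] != "current":
        # The typed password exists in memory only during this login,
        # which is the moment a legacy record can be upgraded.
        db[user] = make_record(password)
    return True

if __name__ == "__main__":
    # Constructed sample accounts, one from each pre-merger system.
    db = merge({"alice": make_record("correct horse", "legacy_a")},
               {"bob": make_record("hunter2!", "legacy_b")})
    print(login(db, "alice", "correct horse"), db["alice"]["scheme"])
```

Records that are never used to log in stay under their legacy scheme indefinitely, so a merged store like this needs a cutoff after which remaining legacy records are forced through a reset.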