In theory, yes. But unintentional bugs and security flaws exist (cf sites like have I been pwned), and by storing old passwords next to new ones increases the impact of such bugs and flaws significantly, precisely because folks use the same password for different services. Of course people shouldn’t do that, but they do, and as a dev you should be mindful of that.
The old passwords don’t have to be stored in plain text. They can still be hashed and salted.
In theory, yes. But unintentional bugs and security flaws exist (cf sites like have I been pwned), and by storing old passwords next to new ones increases the impact of such bugs and flaws significantly, precisely because folks use the same password for different services. Of course people shouldn’t do that, but they do, and as a dev you should be mindful of that.