>let's say the salt is, say, a 20 character random phrase using numbers, letters and symbols, what is the weak spot?
The weak spot is in your supposition that they used a salt that strong. That's a huge stretch to make and I think it's highly unlikely they did so. They could've used a two-character salt and still, technically, have used salted and hashed passwords. Doesn't mean it'll take very long to crack them, though.