What is a good analogy to explain to a layman why passwords should be hashed? - Information Security Stack Exchange

Answer by The Spooniest for What is a good analogy to explain to a layman why passwords should be hashed?

Explain it in terms of lines of defense.

Obviously, you're going to be doing everything you can to make sure that your code is secure. But the fact is, your server will not only run code that you wrote, and you have no control over the code written by other people. Even if all of the other code on the machine is open-source, you would need to hire another 2-3 full-time developers to take responsibility for your own branches of everything. Since (let's not kid ourselves) this whole thing is supposed to be a cost-cutting measure, that is not a feasible way to go.

Thus, even if you had absolute confidence in your own code, there would still be plenty of room for things to go wrong. You therefore need a way to ensure that even if an attacker gets into the machine, your passwords are still safe. This is where "hashing" (in quotes because the proper algorithms to use in this day and age aren't really hashing algorithms, per se, but it's still a useful catch-all term) comes into play.

In military terms, this is essentially how (and why) you set up multiple lines of defense. No general puts the entire military in the same spot, because you need to account for the possibility that something you didn't foresee allows your front lines to be defeated or bypassed. Hashing is your home guard: the thing that will protect your passwords when everything else has failed. You hope that this will never be needed, but the cost of not having it when you need it is simply too high: multi-million-dollar lawsuits are only the beginning.
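As an added illustration of the "home guard" the answer describes (example code written for this page, not part of the answer above): a password is stored only as a salted, deliberately slow PBKDF2-HMAC-SHA256 record, so a copy of the stored table obtained by an attacker who has already got into the machine does not hand over the passwords themselves. The algorithm choice, iteration count and record format (`pbkdf2_sha256$iterations$salt$hash`) are assumptions for this example; the standard library's `hashlib.pbkdf2_hmac` and `hmac.compare_digest` are real calls.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example: PBKDF2-HMAC-SHA256 with a 16-byte
# random salt. The iteration count is what makes guessing slow; tune it to
# your hardware rather than copying this number.
HASH_NAME = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32
ALGO_TAG = f"pbkdf2_{HASH_NAME}"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$hash_hex.

    The plaintext password never appears in the record; only the salt and
    the derived key do, and the salt is fresh per call.
    """
    salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac(
        HASH_NAME, password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )
    return f"{ALGO_TAG}${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the derived key from the stored salt/iterations and compare.

    The comparison is constant-time so that a wrong guess is not rejected
    faster or slower depending on how many bytes matched.
    """
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
        if algo != ALGO_TAG:
            return False
        candidate = hashlib.pbkdf2_hmac(
            HASH_NAME,
            password.encode("utf-8"),
            bytes.fromhex(salt_hex),
            int(iterations),
            dklen=KEY_BYTES,
        )
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:
        # Malformed record (wrong field count, bad hex, non-integer count).
        return False


def record_exposes_password(record: str, password: str) -> bool:
    """Check what a leaked table would reveal: does the record contain the password?"""
    return password in record


if __name__ == "__main__":
    # Constructed sample users; two of them chose the same password.
    users = {
        "alice": hash_password("correct horse battery staple"),
        "bob": hash_password("correct horse battery staple"),
        "carol": hash_password("Tr0ub4dor&3"),
    }
    for name, rec in users.items():
        print(name, rec)
    # Same password, different salts: the two records do not even match each other.
    print("alice == bob records:", users["alice"] == users["bob"])
    print("login ok:", verify_password("correct horse battery staple", users["alice"]))
    print("login wrong:", verify_password("wrong password", users["alice"]))
```

If the stored table leaks, what the attacker holds is salts and derived keys; recovering each password means repeating the slow derivation per guess, per user, which is the whole point of the last line of defence.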
