> "random-password" makes too much trouble for the reasons Olaf and you already pointed out (mail is insecure, displayed passwords will be overlooked..)
I think writing the password to /etc/mysql/root_password (600) and emailing and/or showing a (debconf) notice saying the password is stored there (not showing the password itself) is the best solution. Asking additional questions requires more user interaction and is unhandy if the installer is not the database admin.

