The OP was correct, if they can send you your cleartext password then
their security practices are inadequate, period.
Unless I misunderstand what you're saying (I sort of hope I do) this
is Security 101.
As I've said a couple of times already, but perhaps without the capital
letters, from a security point of view, generating a NEW PASSWORD and
sending it in cleartext is no worse than sending you a one time reset
link. Either way, if a bad guy can intercept your mail, you lose.
A few moments' thought will confirm this has nothing to do with the way
passwords are stored within the mail system's database.
R's,
John
