I just wanted to create a post regarding the same issue. While i trust you that passwords are stored securely, emails are still similar to postcards and sending the password that i just chose to create this account in plain text is a very bad and outdated practice. Any mail server involved gets a copy of the login credentials. Please consider disabling this if the forum's software allows that. Thanks!
At present it doesn't, and I agree, SMTP is not renowned for its security rating. https is fairly imminently due to happen and once that's out the way I'll see what can be done about removing plaintext passwords from the confirmation emails. You are correct in that they are at least stored using a one-way encryption algorithm.
