I've seen some people from Support answer that issue with "The passwords are hashed after the email has been sent" But that honestly does not make it any better. That just means that in any step between entering the password and encrypting it, it can be read in memory. The emails themselves can also be intercepted and any man-in-the-middle attack will be able to access these passwords.

Passwords should NEVER be handled in plain text anywhere in the program except for the text field the user enters them into. This is the most basic thing in cyber security.