Office Guy- Looks like we'll just have to disagree on this one. My thoughts on a few of your points....


Yes, you shouldn't use the same password for multiple sites- but most users do. Isn't a large chunk of security practices/ techniques designed around the fact that users may not be particularly careful?


A quick survey shows gmail, yahoo, aol, have their email logins on https. hotmail/mslive allows you to do it on an unsecure page- but gives you the option to switch to https. Without trying it- I'm pretty confident their signup process will never send the password in plain text via email. I'd put money on it :-). On hosting co's sending login info via email- maybe, but again minus the password (or at most a temp password, that requires you to change it on first login).


Try changing your password with WA. Go to login.php and click "password assistance". WA sends you an email- with a link back to a secure page where you can update your password. Simple process, no sending of password in the clear.
If WA's initial reg confirm email was exactly as is- but minus the password info, and the user forgets the password they had originally created- they just need to go through the password assistance process above.
-scott