I am a new WordPress user and honestly am not trying to stir up trouble.
I purchased a premium theme ... and went to get support from the provider by creating an account on his forum ... with a userid and password.
I was then emailed my EXACT password in PLAIN TEXT.
He had a rather disinterested approach and said "if this is insecure then every WordPress site would be insecure."
So I came here and created an account and see that I get an automatically generated password again emailed in PLAIN TEXT.
NOT TRYING TO START A FLAME WAR ... but am I missing something here?
I first want to find out why the first forum manager had the ability to email my ORIGINAL password to me and if that password is stored anywhere unencrypted or with weak encryption.
Second, why generate a password and email it in plain text? Not that emails are regularly intercepted ... but it allows someone to possibly hop on a computer and check for emails with "password" in it etc.