"There is NO SECURITY DOWNSIDE to emailing a user's password to them vs. having some multi-step reset procedure."
That may be true from a site admin's POV, but consider that many people use the same password for everything. Plain text passwords flying through the pipes and then laying about on mail servers is a security risk for the naive user.
That may be true from a site admin's POV, but consider that many people use the same password for everything. Plain text passwords flying through the pipes and then laying about on mail servers is a security risk for the naive user.