
Yeah, I was surprised to see that this bit wasn't mentioned anywhere. If you are emailing someone their password in plaintext, that means you know their password in plaintext -- which you should not.



That's not quite true; most random web services send out the welcome email from the same page that just hashed your password, so during email creation they still have the plaintext copy around, even though it dies after the request ends.


You do when they first create it.


And every time they enter it to log in, up until the moment when it's hashed and (maybe the memory is overwritten with zeros before being) garbage collected.


Yes, that's in the FAQ too.



