[PHPAdam]

At least Half Encode password, as a reminder. 50% plain text, 50% hashed out. Or a temporary login token url.

Never send users plain text passwords in email.