Nope, this issue is uniquely ours and has nothing to do with OpenSRS. I usually try not to speak for them, but I can say authoritatively that this simply isn't the case.
OpenSRS emails both username and password to the administrative address on file when a customer completes the "forgot your password" routine on reseller storefronts.