by evilbit 5132 days ago
Thanks for storing the password in clear text and sending it to me in the registration email!

Seriously, WTF? Have you slept through the last 20 years of information security research?


Why do you think Blizzard and Facebook both allow you to log in using multiple variations of CaSe of your password? Why do you think Rackspace can look up your password in plaintext for you?

When the real world and information security research collide, many of the largest and most Internet user savvy companies take the pragmatic approach that usability wins.

A surprising percentage of new signups forget their latest new password between their signup and their first return to the site. Letting them look up that password in the email they just received helps these new users get back into the site.

This site is hiking info, not a secret stash of gold bullion. I think the approach they described in answer to you here is a reasonable one for this kind of site.

Your password is not stored in clear text. It's salted and SHA-256 hashed.

Your password email was generated during the initial save to the database. It was not logged and is now gone from the server. Besides, this is hardly national security—this is hiking.

Being dismissive/flippant does not help engender the trust that was already shaken by emailing me my password in clear text.

Where can I unregister my account?

There's no place in the UI yet—send me an email at kyle@wenthiking.com and I'd be happy to remove you!