by unalone 6291 days ago
Why is this a ha? I'm confused.

There are a few reasons this is undesirable. The reason that leaps to the fore is that this means the password itself--not a hash of it--is stored in the application. Since people re-use passwords and usernames, that means a breach of security in one website could lose a large swath of many users' online identities. These days, most low-security websites randomly reset your password and email the new one. For financial or other higher security websites, two-factor authentication is normal.
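An added example, not part of this thread, of the two points the reply above makes: store a salted, slow verifier (PBKDF2-HMAC-SHA256 here) instead of the password, and handle "forgot password" by emailing the user a random one-time token rather than the password itself. The token variant is a swap for the "email a new random password" practice the comment describes: only the token's hash is kept server-side, so a database dump exposes neither the password nor a reusable reset link. `UserStore`, the iteration count and the 15-minute expiry are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Dict, Optional, Tuple

# Assumed work factor (OWASP's current PBKDF2-HMAC-SHA256 figure); tune for your hardware.
PBKDF2_ITERATIONS = 600_000
RESET_TOKEN_TTL = 15 * 60  # assumption: reset links expire after 15 minutes


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing verifier string; the password itself is never stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt/iterations and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Verifier for a non-existent account, so a login for an unknown user costs the same
# as one for a known user (no user-enumeration by timing).
_DUMMY_VERIFIER = hash_password("not-a-real-account")


class UserStore:
    """Toy in-memory user table (constructed for this example): it holds only
    password verifiers and hashed one-time reset tokens, never the secrets themselves."""

    def __init__(self) -> None:
        self.users: Dict[str, str] = {}                       # username -> verifier
        self.reset_tokens: Dict[str, Tuple[str, float]] = {}  # username -> (sha256(token), expiry)

    def register(self, username: str, password: str) -> None:
        self.users[username] = hash_password(password)

    def login(self, username: str, password: str) -> bool:
        stored = self.users.get(username)
        if stored is None:
            verify_password(password, _DUMMY_VERIFIER)  # burn the same cost, then refuse
            return False
        return verify_password(password, stored)

    def issue_reset_token(self, username: str, now: Optional[float] = None) -> Optional[str]:
        """Mint a random token to email to the user; keep only its hash so a leaked
        table cannot be replayed as a working reset link."""
        if username not in self.users:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        token_hash = hashlib.sha256(token.encode("utf-8")).hexdigest()
        self.reset_tokens[username] = (token_hash, now + RESET_TOKEN_TTL)
        return token

    def redeem_reset_token(self, username: str, token: str, new_password: str,
                           now: Optional[float] = None) -> bool:
        """Accept a token once, and only before it expires; on success set a new verifier."""
        now = time.time() if now is None else now
        record = self.reset_tokens.get(username)
        if record is None:
            return False
        token_hash, expiry = record
        if now > expiry:
            del self.reset_tokens[username]
            return False
        presented = hashlib.sha256(token.encode("utf-8")).hexdigest()
        if not hmac.compare_digest(token_hash, presented):
            return False
        del self.reset_tokens[username]  # one-time use
        self.users[username] = hash_password(new_password)
        return True


def dump_exposes_secret(store: UserStore, secret: str) -> bool:
    """Would a raw dump of the store hand an attacker this password or reset token?"""
    return secret in repr(store.users) or secret in repr(store.reset_tokens)


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse battery staple")
    print("login ok:", store.login("alice", "correct horse battery staple"))
    token = store.issue_reset_token("alice")
    print("password in dump:", dump_exposes_secret(store, "correct horse battery staple"))
    print("token in dump:", dump_exposes_secret(store, token))
    print("reset ok:", store.redeem_reset_token("alice", token, "new passphrase"))
    print("token reusable:", store.redeem_reset_token("alice", token, "again"))
```

The `_DUMMY_VERIFIER` line and the constant-time comparisons are there so that neither "user does not exist" nor "token is wrong" leaks through response timing; the single-use and expiry checks keep an emailed link from being replayed out of a mailbox weeks later.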
That makes sense. Thanks for clarifying!

Even so, I like the idea of click-to-send email directly after log in. In some ways that's better than the model that my site uses right now. It makes sense to make it two-step instead of one-step, but it's a good integration of the Forgot Password process.