I was very surprised when I signed up for a new account, setup a username and password, and then received an email from WordPress with my username and password in plain text.
This is highly unsecure! Firstly, no one should ever email a password that is not temporary. Secondly, this means WordPress stores unencrypted passwords in their database. If anyone ever accessed these passwords they would be in plain sight. Passwords should always be stored using some sort of encryption or hash algorithm.
As a new user I am very disappointed from a security standpoint and now I am unsure if I will ever continue using these services.
Please consider changing this. Many people use the same password and usernames for many sites and if you store it and email it in plain sight you could be giving it away unknowingly. If someone forgets their password you should never email them their password, instead you should assign them a new temporary password and suggest that the user changes it as soon as they reactivate their account or login.
I hope WordPress takes security more seriously.