
Plaintext password in activation e-mail...

Posted: 04 Dec 2007 18:23
by robot_army
Passwords should not be sent in plaintext ever, but they're sent out with the account name in the activation e-mail... that's hardcore not secure, don't you think?

Re: Plaintext password in activation e-mail...

Posted: 05 Dec 2007 05:14
by Jean-Baptiste Kempf
For the forum? Really?
Ask the phpBB team.

Re: Plaintext password in activation e-mail...

Posted: 30 Jun 2008 12:04
by samsmartguy
I do not agree with you; I think it is quite OK to send the password in an email.

Re: Plaintext password in activation e-mail...

Posted: 10 Jul 2008 13:46
by javad583
Look, my answer is only a bit related to web programming. In the registration process, when the engine gets the information you entered, such as user name, password, email address and more, it begins two processes. First it makes an MD5 copy of your desired password and inserts it into the database, then it sends a plain text copy of that to your mailbox using the mail() function. So your passwords are still secure unless there is a problem with your mail account security.

Tips:
1- If you pay attention you will find that when retrieving a password using "Remember password" in phpBB, it makes a new random password for you; if it were plain text in the database there would be no need to make a new one!
2- If there is a problem with your mailbox, nothing is safe for you; ANYONE can hack you through this link: ucp.php?mode=sendpassword
3- This is just my first post, congratulations... :lol:
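
The registration flow described in the post above (MD5 copy in the database, plain text copy in the mail), set beside a variant whose mail carries only a one-time activation key. This is an added example, not part of the post and not phpBB's code; every function name, the `forum.example` URL and the sample values are hypothetical.

```php
<?php
// Added illustration; not phpBB source. All names and URLs here are hypothetical.

// Flow as described in the post: unsalted MD5 in the database,
// and the same password copied into the mail body.
function register_as_described(string $user, string $password): array
{
    return [
        'stored' => md5($password),
        'mail'   => "Username: $user\nPassword: $password\n",
    ];
}

// Alternative: salted, slow hash in the database; the mail carries only a
// random activation key, and only that key's hash is kept server-side.
function register_without_password_in_mail(string $user, string $password): array
{
    $key = bin2hex(random_bytes(16));
    return [
        'stored'         => password_hash($password, PASSWORD_DEFAULT),
        'activation_key' => hash('sha256', $key),
        'mail'           => "Username: $user\n"
                          . "Activate: https://forum.example/activate?u="
                          . rawurlencode($user) . "&k=$key\n",
    ];
}

// Regression check to run on every outgoing registration mail before it is
// handed to mail(): the submitted password must not appear in the body.
function mail_contains_password(string $body, string $password): bool
{
    return $password !== '' && strpos($body, $password) !== false;
}

$password = 'constructed-Sample#1';   // constructed sample value
$old = register_as_described('alice', $password);
$new = register_without_password_in_mail('alice', $password);

// Mail built by the flow described in the post.
var_dump(mail_contains_password($old['mail'], $password));
// Mail built by the activation-key variant.
var_dump(mail_contains_password($new['mail'], $password));
// The stored hash still verifies the password at login.
var_dump(password_verify($password, $new['stored']));
```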

Re: Plaintext password in activation e-mail...

Posted: 25 Aug 2009 16:20
by kirdie
I was just at my university's computer pool and I was very surprised that my registration mail contained the password - my neighbours or people behind me could have seen it without a problem. In my opinion this is really insecure.

Re: Plaintext password in activation e-mail...

Posted: 25 Aug 2009 17:00
by 3breadt
That's how most boards and other sites where you have to register do it; you should be aware of that and never read emails concerning registrations in a public place.