When requesting a password reset, the confirmation page shows my email address. This is a great way to allow a site crawler to gather everyone's email address.
There are diverse opinions of what to do, but what I'm used to seeing these days is a message of the sort "Your password has been emailed to your registered email address. If your email address is no longer valid, please (mailto link)contact the site administrator(/mailto link)."
Lavr,
SteffenPoulsen and
MartinCleaver were involved in the discussion regarding this issue on IRC as of 2005.01.22 1100 EST.
JST
Thanks for reporting this. Also removed password from URL in sent e-mail to not have it show up in access logs, browser history etc.
SVN 8446.
--
SP