security risk

Hi,

When user set their own password.The password will send to user.
If users don't set password and blank password field - they 'll have random password and send to their mail.

But if user set password they don't need to see password in mail.Because SMTP is not secure protocol.

So, What are you thinking about this?