If you send the password in email, that's at least one instance where it was readable in clear text to everyone on the network between you and the server (and probably things like packet sniffers on the local network, right?). It's not as bad as storing it in the clear, but it removes some of the value of (e.g.) hosting a login page via SSL.