Gotcha. The current workflow is that we create a random hashed password for you after signup, then on your first login, we prompt you to change your password.
Security is definitely high on our list of concerns. Thanks for the input dmix :)
I hate when I get a password emailed to me to begin with. That makes me wait for the email, and takes me out of the flow. I'd much rather see sites require you to create your secure password when signing up, and then sending an email to confirm your email address. You can even make things limited until it's confirmed. But, don't make me wait any longer to sign up. It's already bad enough I have to do that!
Security is definitely high on our list of concerns. Thanks for the input dmix :)