First of all, I want to say that asmodai is correct in most of his comments. (Sorry for any hostility you received.) Even if this place is "just a Pokemon site", security is still important. There are many things that could go wrong if someone's account is hacked. Not just spam on this site, but potential impersonation of members of which the possibilities are endless (most simple example: someone impersonates me and asks people to donate to the site).
Onto the main topic. Passwords on this site are hashed and salted in the database. There is no way for me to know anyone's password. The software we use is an open source application called Question2Answer so you can go and look at the code to verify that, if you like.
However, the password is included in the email when you register. This is only possible at that moment because you just typed it into the registration form. After that there is no way to know the password so it wouldn't be sent out.
But you are correct that since emails are not encrypted, it is a small issue that they are sent at all. I will go ahead and remove the password from the registration emails.
