
4 reasons the plaintext password is OK in this situation:

1) They generate the password for you; how else are they supposed to get it to you?

2) Just because they email it to you in plaintext does not mean they are storing it in plaintext (they could easily send the email at the time the password is generated).

3) You won't reuse this password on other sites because you didn't choose it. The primary reason why it's bad to store passwords without proper hashing is that a leaked password database means hackers can tap into everybody's email/bank accounts which are using the same password.

4) All the password gets you is access to download a video (no other personal info available). Not a huge risk.



The correct way to handle this is to email an authenticated link that prompts password setting on the store.


That's A way. For a virtually costless good, this is just as fine a way that has a much smaller chance of capturing a password anyone gives a shit about.


Look, my point is that for $35K, a newly-built commerce site should follow basic best practices. It isn't exactly hard to implement, esp. if you're worth $35K. It isn't about someone stealing my account info – it's about evaluating what he got for $35K.


I disagree that's a best practice for all cases.

For a commerce site that you will not use or necessarily maintain for years, a system where you don't ever get passwords that other people give you can certainly serve better than one where you do, as the logins are only useful for the content.

This could be more useful to him as his security matters less, as he has less valuable things stored in his site. It may also work better to lower support costs (as many people are pretty bad about keeping track of passwords), and this approach means they can just look at their email to start.

I agree for many cases (say, HN), that it is a good practice, but it's not gold in all cases.



