First of all: I didn't claim that (although, yes, maybe that kind of got implied). [1]
But I even think this practice is useless. They just sent my password in cleartext. It sits now in my inbox and I have to delete it or I store my unprotected password. And - for what exactly? Does that serve any purpose? I just entered it a second ago.
So I question the usefulness of that approach and consider this very first contact unprofessional. YMMV and all.
1: Just tried the 'Forgot my password' dance and it they don't retrieve it at least: Received mail with link to site which sends a mail with auto-generated password to log in. A bit weird, but well..
Deleting an email really isn't that onerous a task, but you are of course free to use whatever criteria you wish to judge a host.
And as you point out with the "forgotten password dance", access to your email account gives an attacker access to your hosting account anyway (although not stealthily).
This was the very first contact. Sending me passwords (same for 'temporary ones' after a reset. I consider that a cumbersome process whereas I consider the initial mail just plain "wrong") delivers more than just the text over this channel.
I read between the lines "Here's your password again from 2 minutes ago. File it away" which again is nothing I consider a good idea. The impression is that they write the digital form of a post-it note of the password for my monitor.
Is it a big issue in itself? Nope, probably not. But it certainly ruined the first impression for me and I'll walk away now. I shared that part because others might (or might not) agree and to potentially save like-minded people a registration.
But I even think this practice is useless. They just sent my password in cleartext. It sits now in my inbox and I have to delete it or I store my unprotected password. And - for what exactly? Does that serve any purpose? I just entered it a second ago.
So I question the usefulness of that approach and consider this very first contact unprofessional. YMMV and all.
1: Just tried the 'Forgot my password' dance and it they don't retrieve it at least: Received mail with link to site which sends a mail with auto-generated password to log in. A bit weird, but well..