This forum is using the standard phpBB software. Indeed, it does encrypt the passwords after sending the confirmation mail. And I agree with you that having the password in plain text in the confirmation mail is very suboptimal - but that phpBB feature isn't configurable. We are looking into migrating to Discourse
, its approach to passwords is much more sane. In fact, with Discourse local passwords aren't necessary at all - one can log in with an external service like Facebook, Twitter or Google. So my favorite solution would be disabling local accounts completely - if we don't store any passwords then we don't have to worry about keeping them safe.