
Especially since that email address presumably is used for the forgot password authentication anyway.

But it is at least the equivalent of a code smell. Perhaps a "UX smell"?

A couple of obvious ways it can go bad: An attacker could potentially have access to your email (perhaps from a data breach elsewhere or a password stuffing attack) and use the temp password before you do. If the temp password is the one entered by the user during signup, a naive user could sign up using their commonly-reused-password which then sits in cleartext forever in their email archive.


