Well....

A year or so ago it was revealed that a simple url string could let you email ANY user's pasword to ANY email address you wanted. Does this sound secure to you?