I just had to share this snippet from an e-mail I got.

I am not quite sure how they think that my privacy is assured when they are sending my user name and password in an unencrypted e-mail and anyone who can get it can then log in as me and see everything in my profile. I was especially surprised as the company that sent this is a "reputable survey company" and I signed up with them because they were running a survey for Microsoft and I felt that I had an opinion that should be heard. I am considering opting out of their service since they don't seem to know the implications of their e-mail.

Once again we see a case where username/password for login is not a good idea. On the plus side since I am using a program to store my password the one they sent out is unique to their site so I don't have to worry about someone getting into another account with the information. I am hoping for the day when I can start using my information card to log in to web sites like these so they won't feel the need to send me my user name and password.

Read the complete post at http://www.grokdev.com/Blogs/scott/2008/02/14/PrivacyAndSecurityAreDefinitelyDifferentButCantIHaveBoth.aspx