I recently signed up to a website and they sent me the password I signed up with back in a confirmation email to me.<p>It isn't the first time I've seen this, however this website seemed quite legit. I didn't use my normal password but I came close to, so I am angry. Not only this, but the confirmation email was CC'd to some Gmail address.<p>It seems that in 2015 sending plaintext passwords back to people shouldn't be happening. Should we name and shame websites that do this?<p>Edit: Added in fact the email was forwarded to someones Gmail address.