https://codecs.forumotion.net site registration security bad practice

Post by BloomingAzaleas Mon Oct 02, 2017 9:02 pm

Noting that codecs.forumotion.net is HTTP, not HTTPS, not great but OK. When first registering for the forum a password strength assessment is indicated and a confirmation of the new password is requested - good. However, then both username and password are sent in the *same* confirming email, effectively broadcasting the entire credential set to the world.

The point of a password would then be what?

BloomingAzaleas

Posts : 8
Join date : 2017-10-02

Post by Admin Mon Oct 02, 2017 10:43 pm

The forum is on an external host, so this behavior can't be changed.

Use a unique password and delete the confirmation email if others have access to your mail.

Admin
Admin

Posts : 7632
Join date : 2011-06-17

https://codecs.forumotion.net

Post by notcyf Wed Oct 04, 2017 9:03 pm

Emails are still encrypted using conventional encryption by the SMTP host, which is most likely a host that uses SSL.

notcyf

Posts : 146
Join date : 2017-08-24

Post by BloomingAzaleas Thu Oct 05, 2017 4:17 pm

Yes. But for grins I will point out that when you send an email, unless all routing is within a known closed environment such as within an enterprise email system, then you do not know how well or poorly each of the email relays is configured for connection encryption or peer-host authentication. Then, even if all hops are encrypted and authenticated, one of the relays could be compromised and scanning traffic for interesting content to exfiltrate. Then, routes are not guaranteed to repeat. When I receive phishing emails I use my email client to view the source (the raw text content typically hidden by email clients) and am always amazed at how many hops emails can take.

BloomingAzaleas

Posts : 8
Join date : 2017-10-02
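
The hop inspection described in the post above can be scripted. This is an added example, not part of the original thread: it reads the `Received` headers of a raw message and reports, per hop, whether the receiving relay recorded a TLS transport keyword. The message, hostnames and addresses are constructed placeholders, and the function names are hypothetical.

```python
import email
import re

# Constructed sample message: hostnames, addresses and ids are placeholders.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
 by mailstore.recipient.example with LMTP id abc123;
 Mon, 02 Oct 2017 21:02:09 +0000
Received: from relay2.transit.example (relay2.transit.example [198.51.100.7])
 by mx.recipient.example with ESMTPS id def456;
 Mon, 02 Oct 2017 21:02:08 +0000
Received: from relay1.host.example (relay1.host.example [192.0.2.25])
 by relay2.transit.example with ESMTP id ghi789;
 Mon, 02 Oct 2017 21:02:06 +0000
Received: from web.forum.example (web.forum.example [192.0.2.10])
 by relay1.host.example with ESMTPS id jkl012;
 Mon, 02 Oct 2017 21:02:05 +0000
From: forum@forum.example
To: user@recipient.example
Subject: Welcome

(registration details)
"""

# RFC 3848 "with" keywords that carry an S (e.g. ESMTPS, ESMTPSA, LMTPS) mean
# the relay that wrote the header says the connection used TLS.
TLS_PROTO = re.compile(r"^(UTF8)?(ESMTP|SMTP|LMTP)SA?$")

def _field(keyword, line):
    m = re.search(r"\b" + keyword + r"\s+([^\s;]+)", line)
    return m.group(1) if m else "?"

def hops(raw):
    """Return the relay hops in chronological order (headers are newest-first)."""
    msg = email.message_from_string(raw)
    result = []
    for value in reversed(msg.get_all("Received", [])):
        line = " ".join(value.split())          # unfold the header
        proto = _field("with", line).upper()
        result.append({"from": _field("from", line), "by": _field("by", line),
                       "proto": proto, "tls": bool(TLS_PROTO.match(proto))})
    return result

def hops_without_tls_marker(raw):
    return [h for h in hops(raw) if not h["tls"]]

if __name__ == "__main__":
    for n, h in enumerate(hops(RAW), 1):
        print(n, h["from"], "->", h["by"], h["proto"], "TLS" if h["tls"] else "no TLS marker")
```

Each `Received` line is only what that relay chose to write, so a TLS keyword is a claim rather than proof, and a missing one on a local LMTP delivery step does not by itself mean the message crossed a network in the clear.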
