Please for god sake hash our passwords!!! 
With a strong salt/pepper, please!
It is really brazenly to see my password unhashed in the url for the confirmation (in the email), so everyone could get this password!
With a strong salt/pepper, please!
It is really brazenly to see my password unhashed in the url for the confirmation (in the email), so everyone could get this password!
All passwords are hashed... this was not your password in the url... it was a confirmation key, why would we send you your password in some url?