Email and password remind login credentials. Just leave a password text field which makes it look like a brain wallet. The safest option is none of those, though; it's to return you a seed phrase instead.

Also, how can I verify these aren't sent to a server? Is the wallet open-source?