Oh, I see, well that's a bit different then. I didn't have a chance to follow all the messages in these threads, but from the sound of it, someone inadvertently sent their hosting control panel password through an email server that was later compromised and gave someone access to the control panel? I'll use this as a case in point in the future the next time someone dismisses the risk of sending sensitive information in the clear over email. On a side note, it never ceases to amaze me at how companies (even financial ones) will send scanned forms full of sensitive information over email with no encryption and never give it a second thought.
I am pretty sure Rackspace does not send passwords over emails - just the password reset link to the list of authorized emails on the account. They also use opportunistic TLS so if the recipient email server supports TLS the in-flight data will be encrypted.
However, in this particular case it didn't matter because it appears that one of the authorized email addresses was hosted on a compromised server.