I spoke at a conference recently. As a presenter I was given a login to a site to upload speaker materials, read feedback, and more. The site sent me occasional e-mail reminders (need your bio, provide session description, etc.), and every e-mail included, as a reminder, my login and password. Yes, my password, in a plain old SMTP message, in clear text. Nice, huh? So I sent the organizers several messages suggesting that passwords not be sent in e-mail messages like that, and I thought the situation had improved. But … they just sent another e-mail message, this time not to me but to an events person at Macromedia (someone who helped set up this speaking engagement), and of course the message contained my login and password!