Joomla CMS sends registration welcome emails with plain text passwords, which is not a great security practice.
To prevent this you can modify language file:
language/en-GB/en-GB.com_users.ini
Depending on your Joomla installation language en-GB bit may be different for you.
We are interested in two entries:
COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_BODY
COM_USERS_EMAIL_REGISTERED_WITH_ADMIN_ACTIVATION_BODY
This is full text:
COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_BODY="Hello %s,\n\nThank you for registering at %s. Your account is created and must be activated before you can use it.\nTo activate the account click on the following link or copy-paste it in your browser:\n%s \n\nAfter activation you may login to %s using the following username and password:\n\nUsername: %s\nPassword: %s"
COM_USERS_EMAIL_REGISTERED_WITH_ADMIN_ACTIVATION_BODY="Hello %s,\n\nThank you for registering at %s. Your account is created and must be verified before you can use it.\nTo verify the account click on the following link or copy-paste it in your browser:\n %s \n\nAfter verification an administrator will be notified to activate your account. You'll receive a confirmation when it's done.\nOnce that account has been activated you may login to %s using the following username and password:\n\nUsername: %s\nPassword: %s"
In both cases password is passed by the last %s variable, so all we need to do is modify text so last %s is not included. For example, something like this:
COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_BODY="Hello %s,\n\nThank you for registering at %s. Your account is created and must be activated before you can use it.\nTo activate the account click on the following link or copy-paste it in your browser:\n%s \n\nAfter activation you may login to %s using the username: %s and the password you entered during registration."
Tested on Joomla 2.5.6
