True... but there is still stuff to think about.
- How do you verify that the person is indeed the person you think you're sending the password to?
- Do you change the password immediatly as someone made the request, or do you wait to verify that the request was valid by verifiying the user through some other means... (If the person was on your site as the password was reset, this could be a bad thing...)
Anyways, just a "thought exercise" first thing in the morning...
+nutse\nutsr\nuts P\nutse\nutsr\nutsl\nuts H\nutsa\nutsc\nutsk\nutse\n