The DCSki Forums are powered by UBB.threads, one of the most popular commercial message forum packages on the web, and this is a design feature of UBB.threads that is out of my control. However, UBB.threads will only send this information to the official e-mail address used by the account creator. (And I would always encourage people to never re-use a password across web sites!)
Every forum package I've encountered includes similar functionality, particularly in the case of forgotten passwords, where it e-mails the password (or an "activation" link, which is essentially the same thing, and would also allow someone to access your account if they were able to view your e-mail) to the e-mail address on record. I would prefer that UBB.threads not e-mail the plaintext password on account creation -- especially since someone might re-use the same password across multiple sites (even though they should never do that). I looked through the settings of UBB.threads and don't see an option to do this.
There is always a tradeoff between convenience and security, and you have to consider the "worst case" scenario. In the case of the DCSki Forums, if someone were able to access your private e-mail, they could potentially login as you and post a message under your alias -- but that's it. They shouldn't be able to access any private data (because that type of data doesn't exist on DCSki), and if this ever happened, I would encourage someone to contact me right away to initiate an investigation.
I did just modify the registration message to notify people that the password they use will be e-mailed to them as part of the registration confirmation, so they know not to recycle a password used on other sites, and won't be surprised by this. You could also share your concern with the company that makes UBB.threads (www.ubbcentral.com
). But again, this seems to be common with message forum software. It's certainly not behavior I would expect from an on-line banking site.