Without looking at the answer, I couldn't figure out what the problem with the site was. Could it be that the password is sent to the email? No, that's probably just how they worded the command button. Of course they'd hash a new password and send that to my email. And Atwood wouldn't repeat himself yet again, would he? After a few minutes, I finally guessed: the feature is much too wordy. The entire paragraph under the text field is completely unnecessary. I guess I would want to avoid websites that make this mistake because I don't like poor design and pointless text. Apparently I have more of a mind for design than security.