A few weeks ago I signed up for a local credit union and received a membership packet in my email including a reminder of what my password is. I called them to tell them about this security flaw and received a single dollar as a bug bounty, but they still haven't changed it.