I sent them an email expressing my displeasure, and received a prompt response. Which I appreciate.
Unfortunately, the gist of the reply was "Don't worry, your data is safe, we don't save your credit card info, etc etc".
Which really misses the point, which is from this point on that particular password is _burned_.
This illustrates an important point, which is that it is a very Bad Idea to re-use passwords from site-to-site. But even so, I feel that it's reasonable to expect a web site to treat my passwords as privileged information, and not to share it with essentially the entire world for the rest of time by emailing it around. Common sense, really.
So, bottom line - Check out as 'guest'. It's not like you're really going to want to be on their spam list.
I hope you passed this along to them. As you mentioned, this is horrible practice and could easily be compromised.
Glad to hear you had a good experience though, i've been going back and forth on placing an order with them.
I just ordered a few sacks of base malt from this site. Overall an excellent experience.
Beware, though - If you register an account with them, they will send you a 'Thanks for Registering' email that contains YOUR PASSWORD IN THE CLEAR. In this day and age, I frankly find it mind-boggling that an e-commerce site would do that.