Roundup Tracker - Issues

Message3072

Author jkew
Recipients
Date 2002-11-18.23:40:30
Message-id
In-reply-to

<blush> Ignore my comment below, I was thinking of a 
different issue. (No way for a user with a password set to 
clear it to a blank password -- I'll raise as a separate issue 
once I've thought it through.)

I tend to agree with Bengt and Richard on the saving-plaintext
issue -- implementing "forgotten my password" as "set a random
password and email it to me" is fine. Yes, the user then has to
change his password back to something he _can_ remember, but
that's not a big deal and shouldn't happen very often.

Note however that "forgotten my password" on a
publicly-accessible tracker can be abused: if J Random Annoyance
guesses your username and hits "forgotten password" on your
behalf you get an unwanted email and, in the
no-stored-plaintext model, an unwanted password change...

I'd guess adding it to the security model as a permission 
which may or may not be granted to Anonymous would be 
adequate configuration.
History
Date                 User   Action  Args
2009-02-03 14:23:29  admin  link    issue620931 messages
2009-02-03 14:23:29  admin  create
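
The permission gate suggested in the message above, as an added sketch that is not part of the original message and not Roundup's own code. The role table, the permission name "Reset Password", the in-memory user store and the outbox are all hypothetical; the demo shows the reset being refused while Anonymous lacks the permission, and the unwanted password change once it is granted.

```python
import hashlib
import hmac
import os
import secrets

# Hypothetical state (constructed for this example, not Roundup's schema).
PERMISSION = "Reset Password"                       # assumed permission name
ROLE_PERMISSIONS = {"Anonymous": set(), "Admin": {PERMISSION}}
USERS = {}    # username -> (salt, PBKDF2 hash); no plaintext is stored
OUTBOX = []   # (username, new plaintext) pairs standing in for sent email

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def set_password(username, password):
    salt = os.urandom(16)
    USERS[username] = (salt, _hash(password, salt))

def check_password(username, password):
    salt, stored = USERS[username]
    return hmac.compare_digest(stored, _hash(password, salt))

def forgotten_password(requester_role, username):
    """'Set a random password and email it', gated on the requester's role."""
    if PERMISSION not in ROLE_PERMISSIONS.get(requester_role, set()):
        return False                      # role may not trigger resets
    if username not in USERS:
        return False
    new_password = secrets.token_urlsafe(12)
    set_password(username, new_password)  # old hash is overwritten here
    OUTBOX.append((username, new_password))
    return True

def demo():
    ROLE_PERMISSIONS["Anonymous"].discard(PERMISSION)
    OUTBOX.clear()
    set_password("alice", "original-pass")
    # Permission withheld: the anonymous request changes nothing.
    denied = forgotten_password("Anonymous", "alice")
    still_valid = check_password("alice", "original-pass")
    # Permission granted: the account owner gets an unrequested change.
    ROLE_PERMISSIONS["Anonymous"].add(PERMISSION)
    allowed = forgotten_password("Anonymous", "alice")
    old_rejected = not check_password("alice", "original-pass")
    mailed_works = check_password("alice", OUTBOX[-1][1])
    return denied, still_valid, allowed, old_rejected, mailed_works

if __name__ == "__main__":
    print(demo())
```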