I agree with you, but this isn't a solution either. You can, quite trivially, implement sending a one-time random hash that will log the user in when he clicks it. So, you can say "you haven't been active, click here to be logged in". This is less secure than not sending the hash, but we've already established you want the user to log in from the email.
This is more secure than sending them their password and more user-friendly than having them type it in. Plus, the hashes expire after one use, so they won't be able to be reused.
Storing passwords in plaintext is an extremely bad practice.
This is more secure than sending them their password and more user-friendly than having them type it in. Plus, the hashes expire after one use, so they won't be able to be reused.
Storing passwords in plaintext is an extremely bad practice.