Maybe a phone call to communicate a password would be better. Not as convenient of course, but security and convenience don't often go together. That assumes your voice provider isn't recording the call.
Frustrated voice fades in, "Right, capital L. No, slash, not backslash. The one that's leaning to the right. Bottom-left to top-right. By the shift key. On your phone? I'm not sure where it is on your phone's keyboard. Ohh, you got it? Ok, the rest is lowercase..."
Sometimes an email or text is better for everyone. But I always split up the info between two bands. Most info in an email and a SMS for the password. Or just have them change it after they log in.
Sure, sometimes that's what you need to do. But, other times, if you know you're sending to a trusted server, such as your own company server that you manage yourself (or people who are trusted manage), it's deemed acceptable to send passwords via email. The problem here is that facebook has introduced a new vector.
It's low grade evil; but low grade evil multiplied by millions starts looking like more serious evil. Just like low grade incompetence begins to cause serious harm when it is inflicted on millions.
