We know that plain text emailed passwords are a bad idea. This will be fixed in MM 3.
For MM 2.1, as a list member, you can turn off the periodic reminder for any list of which you are a member. As a list owner, you can turn off all periodic reminders from your lists. As a site admin, you can turn off all periodic reminders from the site.
That leaves only the "request an immediate reminder and intercept the email" attack as a vulnerability. The list subscribe form says:
You may enter a privacy password below. This provides only mild security,
but should prevent others from messing with your subscription.
*Do not use a valuable password* as it will occasionally be emailed back to you in cleartext.
which implies that such a password, even if it is not an autogenerated one, is less likely to work in other contexts.
We know that plain text emailed passwords are a bad idea. This will be fixed in MM 3.
For MM 2.1, as a list member, you can turn off the periodic reminder for any list of which you are a member. As a list owner, you can turn off all periodic reminders from your lists. As a site admin, you can turn off all periodic reminders from the site.
That leaves only the "request an immediate reminder and intercept the email" attack as a vulnerability. The list subscribe form says:
You may enter a privacy password below. This provides only mild security,
but should prevent others from messing with your subscription.
*Do not use a valuable password* as it will occasionally be emailed back to you in cleartext.
which implies that such a password, even if it is not an autogenerated one, is less likely to work in other contexts.