Ideas

The current default implementation in the Accelerator is that if a customer chooses to have an account created when placing an order, an email containing the password in plain text is sent to the registered email address.

Even though it's possible to replace this implementation, the default one in the Accelerator should offer a higher level of security by using a different flow, for example a one-time use link.