
Sphinn - Forgotten Password?

Update from Editor of Sphinn:
This post is very misleading. Passwords are only reset after email verification - if you don’t click the link in the email, your password isn’t reset. We also tell people to change the password as soon as they log in with the default password. This was already on our radar, and we will be changing the process of resetting a password. It is not, however, a security risk. For more you can check http://sphinn.com/story/67930

And this is my response:
I agree that the passwords are reset only after email verification; I have not written anything about that in the post. What I was pointing out is that the password is reset to “password” for everyone who does that, and is not auto-generated. I am glad it is on the radar and that actions are being taken.

And below is the original post:
Have you ever forgotten your password on Sphinn? There are various types of security one has to take care of: network security, and then development security when developing websites. (Struck out after the update section above; to my knowledge, handling query strings, XSS (cross-site scripting) and issues like password reminders fall under the development security area at the design level, but I give respect to the Sphinn guys and leave this issue here.)

A site as popular as Sphinn (on Internet Marketing) especially should give enough consideration to the logic behind its change-password flow.
I forgot my password and activated the feature to generate a new password for me. Check the screenshot below.

[Screenshot: Sphinn.com forgot-password issue]

By default they reset the password to “password”. Wow - I thought maybe it was random and tried again; hmm, the same thing. For people who think it is not a big deal - wait... assume there are at least 50 users at a given time who have reset their passwords, so all of their passwords are “password” until they change the password again. With the technologies available right now, you can find out whether a username is taken or not and try whether it can be logged in with the password “password”. Once that is done, that user profile is hacked.

Though this looks like a small issue, it is not. I am not sure how many of you remember Mailcity from about 10 years ago: they would display the password, and the security questions would be like “What is your favorite pet?” or “Which city were you born in?” Once you answered them correctly they didn't mail the password; they just displayed your current password. After lots of complaints at that time, they changed it.

What Sphinn has to do is very simple: when the user clicks on the link they receive, just state on the page that “the new password has been sent to your email”. Generate a password (a random code, with uppercase letters, numbers, etc.) and send it to them. And when the user logs in, take them to the profile page and ask them to change the password right away.
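The reset flow that paragraph asks for, as an added example that is not Sphinn's code: a random temporary password replaces the fixed default, only a salted hash is stored, and the account is flagged so the next login forces a change. The UserStore class, PBKDF2 hashing and the 12-character length are assumptions:

```python
import hashlib
import hmac
import secrets
import string
from typing import Dict, Optional, Tuple

ALPHABET = string.ascii_letters + string.digits
PASSWORD_LENGTH = 12  # assumed length for the temporary password


def generate_temporary_password(length: int = PASSWORD_LENGTH) -> str:
    """Random password from the OS CSPRNG, retried until it has upper, lower and digit."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.isupper() for c in candidate)
                and any(c.islower() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; the site stores only (salt, digest), never the password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


class UserStore:
    """Hypothetical in-memory user table standing in for the site's database."""

    def __init__(self) -> None:
        self.users: Dict[str, dict] = {}

    def create(self, username: str, password: str) -> None:
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "hash": digest, "must_change": False}

    def reset_password(self, username: str) -> str:
        """Run only after the e-mailed verification link was clicked. Instead of a
        fixed default, set a fresh random password and force a change on next login."""
        temp = generate_temporary_password()
        salt, digest = hash_password(temp)
        self.users[username] = {"salt": salt, "hash": digest, "must_change": True}
        return temp  # to be e-mailed to the user; only its hash is kept

    def login(self, username: str, password: str) -> Tuple[bool, bool]:
        """Return (authenticated, must_change_password) using a constant-time compare."""
        rec = self.users.get(username)
        if rec is None:
            return False, False
        _, digest = hash_password(password, rec["salt"])
        ok = hmac.compare_digest(digest, rec["hash"])
        return ok, ok and rec["must_change"]
```

A real deployment would send `temp` by e-mail and show only the "new password has been sent" message the post suggests.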

This is not search engine optimization, but a small technical detail that you have to consider when you are building a social website. Will SPHINN take action? Maybe it will if you SPHINN this post!!
