I think it's a reasonable tradeoff - those of us with properly managed password storage can delete the email, but the 99% who _don't_ use some form of password safe can keep using their email archive as their place to look up passwords they've forgotten. (I see this a _lot_ in our clients non-technical Wordpress site subscribers...)
_Lots_ of (mainly non-technical) people _do_ use their email archive as their "(not so) secure password storage".
As someone who regularly deals with website owners with non-technical audiences, I see all the time that this decision by the Wordpress devs is almost certainly a sensibly pragmatic choice. Those of us who know and care about password security can deal with it - delete the email when it arrives, if you're particularly paranoid go back and change it (I'm pretty sure Wordpress only does this on signup, not on password changes).
Until my mom uses 1Passwork or KeyPassX or PasswordSafe (or an equivalent), I can easily see why many many Wordpress site owners think this is the right compromise between password security and useability.