It's great, that you store my password encrypted, but this has really no use whatsoever if registration and login are sent via unencrypted http and if you send me the password that I set at the registration via a plain text e-mail
Just a little well intended advice
Greetings,
C.