As the now famous Lavabit email service relaunches with a new architecture aimed at plugging holes in security and deterring surveillance, I can only add my contribution which is to ask that passwords never be sent back again when they are lost. It is known that the good way to do this is to store only password hashes, very long ones, so that the service cannot send a lost password, and puts the burden where it belongs, the actual user. My 2 cents on the subject.