Well why not, the passwords are in the database and only the application itself can display them? If somebody forgets his password, we could immediately send an e-mail containing the password.