Most of the sites that I have worked on I have used PASSWORD() to store passwords. This routine is only a one way algorithm (no retrieving passwords once they are encrypted without brute force methods) but provides more security as if someone gains access to the database they cannot simple decrypt the passwords and have full access on every account (and possibly other system accounts if people use the same password for multiple sites). On these sites I have never offered original password e-mailing and have always offered password retrieval by creating a random password, updating the user database and then e-mailing the user his/hers new password. Not sure if this is exactly what you wanted, but this is certainly what I would recommend.
Matt
