I've done password reset requests on websites before now and been sent an email containing my password. This shouldn't be possible - it means that they're storing your password completely unencrypted,
Maybe, maybe not. We used to confirm the password as part of the process of saving it into our DB. The only time we had it in clear was during that transition from the form submission into the database. You couldn't, for example, ask for your password to be sent to you after that as we didn't have it unencrypted or in an easily decrypted form.
We don't even do that any more.