(no title)

Why? Almost all websites require email confirmation; sending someone a login-URL via email actually has less friction because the password-choosing step is removed!

> it's perfectly possible to store passwords in a secure format

But it's very hard to do so. Even if you use scrypt, it is very hard to make sure your whole system is actually secure against password leakage.

The simple truth is that letting your users choose their own passwords is a liability; and I've decided to avoid this liability.