http://www.perlmonks.org?node_id=11103604


in reply to Re^2: It's been ten years ...
in thread It's been ten years ...

Lanx writes:
This would imply adjusting the What's my password? mechanism too.

Yes, of course. You can improve easily by creating a fresh random password and mailing that to the user, and then store it encrypted. After all, they forgot their password, right?

This is still bad security practice, though, as plain text email isn't actually secure. With a bit more effort you can get a decent self-service password reset function. This has been done before, it isn't rocket surgery.
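As an added illustration of the self-service reset function mentioned above (example code, not from the post or from PerlMonks itself), here is a token-based flow in Perl using only core modules: the site generates a random single-use token, stores only its SHA-256 hash with an expiry, e-mails the token in a link, and lets the user choose a new password once the token is redeemed. The in-memory `%reset_tokens` hash, the 15-minute TTL, and reading `/dev/urandom` directly are assumptions standing in for the site's real database and its preferred CSPRNG; the new password is then stored with a proper password hash, which is outside this snippet.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA  qw(sha256_hex);
use MIME::Base64 qw(encode_base64url);

# Constructed in-memory store standing in for the site's database
# (assumption): sha256(token) => { user => ..., expires => epoch }.
my %reset_tokens;
my $TOKEN_TTL = 15 * 60;   # assumed lifetime of a reset link: 15 minutes

# Read $n random bytes from the kernel CSPRNG (assumes a Unix-like host).
sub random_bytes {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $buf, $n);
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == $n;
    return $buf;
}

# Step 1: user asks "what's my password?". Instead of mailing a secret
# that will live in their inbox forever, mint a short-lived, single-use
# token and mail a link carrying it. Only the token's hash is stored,
# so a copy of the table alone is not enough to reset anyone's password.
sub issue_reset_token {
    my ($user, $now) = @_;
    $now //= time;
    my $token = encode_base64url(random_bytes(32));   # 256 bits, URL-safe
    $reset_tokens{ sha256_hex($token) } = {
        user    => $user,
        expires => $now + $TOKEN_TTL,
    };
    return $token;   # goes into the e-mailed link; never stored in clear
}

# Step 2: user follows the link. The token is consumed on first use
# (delete, not just lookup), expired tokens are rejected, and the
# caller only learns the user name on success.
sub redeem_reset_token {
    my ($token, $now) = @_;
    $now //= time;
    my $rec = delete $reset_tokens{ sha256_hex($token) } or return;  # unknown or used
    return if $now > $rec->{expires};                                # stale link
    return $rec->{user};
}

# Step 3 (sketch): after a successful redeem, the web form lets the user
# set a new password, which is stored with a real password hash
# (bcrypt/scrypt/Argon2 from CPAN), not reversibly encrypted.

unless (caller) {
    my $t = issue_reset_token('some_monk', 1_000_000);
    print "link token: $t\n";
    print "fresh:    ", (redeem_reset_token($t, 1_000_100) // 'rejected'), "\n"; # some_monk
    print "replayed: ", (redeem_reset_token($t, 1_000_200) // 'rejected'), "\n"; # rejected
    my $t2 = issue_reset_token('other_monk', 1_000_000);
    print "expired:  ", (redeem_reset_token($t2, 1_000_000 + $TOKEN_TTL + 1) // 'rejected'), "\n"; # rejected
}
```

Run it as a script to see one token accepted, the same token rejected on replay, and a second token rejected after its TTL. The point relative to mailing a fresh password is that the mailed secret is useless after one use or fifteen minutes, and the database row holding it cannot be turned back into the token.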