I guess if it's just a standard user I'm not going to worry about it. Also, since it's a random one created for them there should be no problems with it matching their own password for other things. If I was assigning admins during signup then I spose it would be best not to include the username/pass in the url. A small warning for the new user to change their password once they have logged in would be a good idea though. Just so they know that if they want to be more secure in knowing that their private messages are not read by 3rd parties and that unless changed someone else may be able to make posts in their name also.
A number of the users that sign up at my site on a regular basis don't know where to login (I know it is hard to believe) and/or send me emails saying the password doesn't work. (they place the quotes in with the pass) I do intend to have the initial email explain that it's in their best interest to change their password after login though. (good idea) []
https://www.ubbdev.com/threads/php/images/icons/smile.gif[/]