The contact password for the portal/KB can be sent to the contact in an email template. This means that it is stored in reversible encryption or worse, plain text in the DB. This is a big security risk. Passwords should be stored as non reversible hashes.