I see this was brought up on TRAC within the last two months:
http://core.trac.ww.wp.xz.cn/ticket/12129
Idiot (no offense) Ryan tells us “This is by design. There is a balance to be made between security and user friendliness.”
This is an idiotic response. Yes, there is a balance, this is known as a “retrieve username/pass link” if really needed on the login page, not a system that gives hackers an easy way to crack into the system.
“User friendliness” should FIRST be toward people running your system, not people who cannot manage to login correctly.
