MySpace stores users’ original passwords in clear text, and returns them by email on request. Enough said really. FAIL.
For reference purposes, there are better ways to do this:
One step better: don’t return the original password (potentially revealing additional information to an attacker), just create a generated one or a one-off link that allows a new one to be created by the user.
Two steps better: don’t store the original password at all; store a one-way hash instead, so that even an attacker who compromises the DB can’t see it (assuming you do it right).
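Both improvements in one sketch, added here as an illustration and not code from the original post or from any site it mentions: passwords are kept only as a salted, slow one-way hash, and a forgotten password is handled with a single-use, expiring reset token rather than by mailing anything back. The PBKDF2 work factor, the 15-minute lifetime, the storage format and the `ResetTokens` class are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000   # assumed work factor; tune to your hardware
RESET_TTL = 15 * 60    # assumed reset-link lifetime, in seconds


def hash_password(password):
    """Return 'iterations$salt$hash' (hex). The plaintext is never stored."""
    salt = secrets.token_bytes(16)  # per-user random salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute the hash from the stored salt and compare in constant time."""
    iters, salt_hex, hash_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))


class ResetTokens:
    """One-off reset links; only a hash of each token is kept server-side."""

    def __init__(self):
        self._pending = {}  # sha256(token) -> (user, expiry timestamp)

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable, goes in the email
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (user, now + RESET_TTL)
        return token

    def redeem(self, token, now=None):
        """Return the user if the token is valid, else None. Single use."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # pop: cannot be replayed
        if entry is None or now > entry[1]:
            return None
        return entry[0]
```

Because the reset token is itself stored hashed, a database dump exposes neither passwords nor usable reset links.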