It's not polite to mock the stupid. But when a major company like Apple does something quite this astoundingly dumb, the only real option is to propagate it as a warning to others. And I don't mean just other .mac users. I mean other tech support teams or webmasters who might think that sending out passwords to unvalidated addresses is a good thing.
(Or root SSH keys, for that matter. You know who you are).
Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing.
The Child Benefit data on them includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25m people.
http_request.overrideMimeType('text/xml');to force the behaviour of your XMLHttpRequest object