You shouldn't be able to see their passwords in the first place, let alone send it to them. You should only store a one-way encrypted string based on the password they typed.