It used to be scarily common, but I believe that it's slowly phasing out in favor of hitting a website where you can (re)set the password yourself after a couple of security questions.
I believe it's just a sign of old code (or an old coder) on the site. There may be cases where the guy writing the sitecode is inexperienced or incompetent, but I like to think that such cases are rare.
I think I only see a cleartext password sent via email like once every 10 requests now.
Hey, watch it pal. I was born and raised on '12345' and it's always worked out great for me. Now get off my punch card machine, er, I mean, lawn.