Your issue is apparently with them sending your password by email. This has nothing to do with SSL. Having a password stored in an inbox is bad for security reasons that have for the most part little to do with secure transport.
Can you reset it? If so, is it done on an HTTPS form? That's not ideal, but it's not immensely worse than those millions of websites that will send a "reset password link" by email.
I'm not saying their approach is fantastic, but I don't see reasons to get your panties in a bunch. If you are concerned with their email approach (which is not the same as "poor SSL practices") reply to that email (redacting your password), and if you're not happy with their answer or lack thereof, don't buy from them anymore. You don't need to Ask Slashdot for that.