I will first describe what I have understood from your question:
- For meetings you are sending username password pairs to the participants - they are used to retrieve documents
- the username and the password are sent in different emails
- all the participants at a meeting share the same username password pair
- participants can be internal (to the organization) or external
- the username password pair is only valid for a short time (5 to 7 days)
My opinion is that this can be seen as acceptable for moderately sensitive information (only random attacks, and danger is low even if the information is leaked).
The highest barrier here is that the credentials are only valid for a short period and only for the documents of a single meeting. For that reason it would not make much sense to have to change the received password.
That can also explain why the credentials are shared. The rule is that a secret should not be shared among more than 2 endpoints to prevent leakage, but here the secret expires soon.
The rationale for using 2 emails is that it does not add that much security, but the cost is so low that it would be a pity not to do it.
The problem here is that having external participants makes it difficult to imagine a more secure way to send the credentials. The only robust way would be IMHO to send the username by mail, and the password by phone (2 distinct channels), but it can become a time-consuming operation if you have many external participants, so it is just the usual balance of security/cost/risk.