When someone has forgotten his password, there is not much to build on to allow for a "password reset". Using email is weak but there is little choice.
The problem is that they send you your password as plaintext, which means that they have your password stored somewhere, unprotected. This is bad. If you are willing to point them out publicly and mock them, then you may share your experience on this site; however, people in general don't react well to mockery. Sending them an email before is worthwhile:
- If anything else, it will boost your own ego. Playing the role of the nice guy of the story is always elating.
- They are an education company working with a university: they should nominally know the value of knowledge and be open to suggestions.
- They are an education company working with a university: their users are student, who are, security-wise, a scary bunch: they are young, not completely rational, prone to poke at things for the fun of it, they have time on their hands, and they have access to a lot of computing power. This highlights the need for really good security.
Anyway, reusing passwords is bad. You should already be using a specific password for their site. By emailing your password back, they demonstrate sloppy security, but it would be unrealistic to assume that average Web sites do better. One password per site is the rule. Of course this implies managing a lot of passwords; this can be taken care of with some password manager software like this one.