Not secure at all.

Hmmm, would a better way to do frictionless registration be to sign them in, then send them an email with a link to set their password?

Any method that does not store passwords in plain text would be better.

I'm not sure what sort of modifications you have made to wordpress, but I can tell you that the default registration system hashes the passwords to store them securely. If you use that default system to generate the passwords, I would think that is safe.