every time you send your account/domains/ or ftp passwords by email you are putting your store at risk.
 
Email is not secure and was never ment to be secure.
 
When was the last time a vendor (or anyone external to your company) told you that they had someone leave their company and that person had access to your passwords? Will that external company pay your losses if your site is hacked or the banks tag you with a failure to meet PCI standards (credit card data stolen).
 
If a vendor must have passowrds to your system : give them only by phone, and change them after the vendor is done.