if it was the welcome message, that's not a problem. It's up to you to change it. If they're emailing you your password to root after you've changed it, you might have an issue.

Exactly, I'm using SoftLayer cloud servers and they do the same thing... displaying a cleartext version of the initial root password for the machine. I don't see a way around it. I do have to get that information somehow.

EC2 servers dont have any passwords at all by default. Not blank ones, but there are actually none set at all. They come primed with a keypair which you get when you create your account.

Considering we live in space year 3000 now, its a wonder that we still have passwords at all. Why can't we have 2 factor keypair authentication for everything? OpenID is thinking too small.

Inject the users public key in as root and have pubkey only logins for root.

Now you are both secure and convenient.