All went well, and then I noticed that they emailed me my password after I created the account.
"OK, well, that's not too cool, but I can just change it." So I did.
They emailed me the CHANGED password "for my reference".
So basically it's impossible to have a secure account on their website. Any time you change your password, it will be handily emailed to you in plaintext for all and sundry to see.
I sent them a nastygram, and here's the response:
Thank you for your recent e-mail concerning our e-mail verification procedure.Emphasis mine.
E-mail distribution of username and password is service we provide to our users so they are able to save the e-mail as a ready reference for future use. This policy is considered to be industry standard and is currently the only option we offer for this type of inquiry feedback. We apologize if this has created any inconvenience for you.
I've sent another, more detailed discussion of their inadequacies. This could get fun.