7
I don't know if this is how Salsero did it, but here's a way of generating a unique MD5 hash for the encoded password:
$pw = md5(uniqid(mt_rand(), true));
So you could easily generate a different password for each user, and if the user's email address is correct, he can use the "Lost Password" link to generate a new password so he can login.