Re: Double passwords
The password in the welcome email, if you restore it…, is generated by this file in wpmu-functions.php:
function wpmu_welcome_user_notification($user_id, $password, $meta = '') {
global $current_site;
if( !apply_filters('wpmu_welcome_user_notification', $user_id, $password, $meta) )
return false;
$welcome_email = get_site_option( 'welcome_user_email' );
$user = new WP_User($user_id);
$welcome_email = apply_filters( "update_welcome_user_email", $welcome_email, $user_id, $password, $meta);
$welcome_email = str_replace( "SITE_NAME", $current_site->site_name, $welcome_email );
$welcome_email = str_replace( "USERNAME", $user->user_login, $welcome_email );
$welcome_email = str_replace( "PASSWORD", $password, $welcome_email );
$welcome_email = str_replace( "LOGINLINK", wp_login_url(), $welcome_email );
...So I guess you should replace $password with something else from BP? Or maybe add $bp as global (whatever the hell that is…)?
EDIT: Adding $bp does nothing. 
BTW, the wrong password in the welcome email is the same number of chars as the password that was entered, so I assume it’s an encryption issue. Unfortunately the ‘forget password’ function resets the password, it does not send the stored one. That’s probably more secure, but I don’t see where else I could find code that retrieves the stored password.
