I might agree to an extent if I was using my
[email protected] format email to access PA from a unencrypted public network that SSL would be an added benefit. However, the password argument is entirely user subjective and your responsibility.
You should be aware of the risk of sharing passwords between any website or Internet service, and eliminate it as often as possible by using different passwords. Complexity of your password should be determined by your evaluation of the risk of damage if your account is accessed on a particular service by an unauthorized individual. I'm going to put an extremely complex password but one that I can remember and type it in manually on my banking service, but for PA I'll just save the default randomly generated password emailed to me by PA to my web browser.
My recommendation, is if you're not comfortable using a personally identifiable email address without SSL because you use a public unencrypted network for PA access then you should signup with a secondary email account that obscures those details.