Talk:AutogeneratedPassword/@comment-BillCole-20140423222528
It seems to me that while $Transaction->CreatorObj will be the right user when a ticket is created via email, this would be better (and maybe safer) if the code checked to assure that there is only one member in $Ticket->Requestors and conditionally set the password for that user if they don't already have one. Referencing the Requestor instead of the Creator eliminates the edge cases that are hinted at by the current code checking for Nobody and Privileged status.
I believe that rework would make the password generation happen when a Privileged (i.e. support staff) user creates a ticket (i.e. in the web interface) with a single Requestor whose account lacks a password.