They can't send it if they haven't stored it, that's the proof. Whether temporary or not it's a weakness and attack vector for obtaining unhashed passwords. And if they stored it, it should be immediately hashed at which point they can't send it.
Plenty of website did this... more than a decade ago, and even then plenty of security conscious people writing blogs and posting on social media begging devs to stop doing this.
They can still send it while the value is in memory.
But it's unlikely that emails are sent synchronously. At which point, it has to be added to a job queue somewhere which might not be in memory.
There is also the communication with that job queue, and logging along the way, and any email logging.
Email isn't secure, either.
The proof is... them just being able to send it back to you in an e-mail. This is not supposed to be possible.
What happens when you tell a service you've forgotten your password? They send you a new temporary one, to be changed as you connect, or a temporary personal link to so so.
If they can just retrieve your former password in unencrypted form, anyone who gets access to their data can too.