The interesting part is that the person doing the checking just so happens to be accessing the internet via gate2-norfolk.nmci.navy.mil which lives at 138.162.0.42, or they forged their address to match the navy gateway server's IP address - a fairly tricky operation to pull off.
Sending passwords by email in response to user requests does risk interception of those emails in the outbound path from the FR server to the user, but normally that should be a fairly small risk.
Nothing unusual about the military address to me. We have lots of readers and posters with military addresses.