A link to set your own password would definitely be a nice feature, but one should be aware that this solution is only slightly safer compared to the current solution.
If a user's e-mail account is hacked, the hacker will still be able to access the user's webshop account by simply requesting a new password in the store and then clicking the reset-password-link sent to the user.
As long as the shop doesn't store credit card information, I would say that a reset-password-link solution would be sufficient, but for shops that allow logged in users to complete purchases with a saved credit card, another layer of security (e.g. security questions) could be necessary.