I'm always very fond of the "human element" when it comes to these kinds of things. While I'm not opposed to this idea, I'd like to think that having your staff talk to the user in question and ask them verifying questions like "what's the email address that you registered with?" and checking Nickserv's ACCESS list to see if the host they are from even matches something on the list and ask questions about their nick and their channel access and see if the information that is received matches the info on file that is not displayed to the public. That'll give you an idea as if this is the real owner or not. Since email isn't generally encrypted when it's sent from services you are broadcasting passwords in plain text as well as possibly sending the password to someone that has hijacked this users email account and now what into their IRC account as well. SENDPASS to me is taking a users password and throwing it blindly at a target and hoping the correct person catches it.
Many hackers use social engineering to get users to share personal information, there is no reason your staff can't do the same. Then after they are comfortable that they are talking to the real owner, set a new password for them. Some admins will not like this approach because their staff will actually have to do something constructive to earn their O:Line on their tiny network since in today's IRC software everything seems to be automated.