How about on account creation the answers to a few security questions are
queried from the user. These are used to encrypt recovery information,
and the resulting bundle is *not* stored at the website, but presented as
a file to download and store for the user.
This means that if the user wants to recover a forgotten password he or
she needs to prove knowledge (not-that-secure security questions) *and*
ownership (of the file).
If the webpage could check for the continued presence of this "backup
file", that would be nice -- but I fear giving scripting this privilege
is a security problem.
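
A sketch of the scheme proposed above, as an added example that is not part of the original post. It assumes the "recovery information" is a random 32-byte secret whose SHA-256 hash is all the site keeps; the function names, bundle fields and scrypt parameters are likewise assumptions.

```javascript
// Added example; function names, bundle fields and scrypt parameters are assumptions.
const crypto = require("crypto");

// Normalise answers so "Rex " and "rex" derive the same key.
function answersToKey(answers, salt) {
  const joined = answers.map((a) => a.normalize("NFKC").trim().toLowerCase()).join("\u0000");
  // scrypt makes every guess at the low-entropy answers expensive.
  return crypto.scryptSync(joined, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Account creation: returns the file for the user and the record the site keeps.
function createRecoveryBundle(answers) {
  const secret = crypto.randomBytes(32); // assumed form of the "recovery information"
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(16);
  // Deliberately no authentication tag: the plaintext is random, so a wrong key
  // yields another random-looking value and the file alone cannot confirm a guess.
  const c = crypto.createCipheriv("aes-256-ctr", answersToKey(answers, salt), iv);
  const ct = Buffer.concat([c.update(secret), c.final()]);
  const b64 = (buf) => buf.toString("base64");
  const bundle = JSON.stringify({ v: 1, salt: b64(salt), iv: b64(iv), ct: b64(ct) });
  // The site stores only a hash of the secret, never the bundle or the answers.
  const serverRecord = crypto.createHash("sha256").update(secret).digest();
  return { bundle, serverRecord };
}

// Recovery: succeeds only with the file (ownership) and the answers (knowledge).
function verifyRecovery(bundle, answers, serverRecord) {
  try {
    const b = JSON.parse(bundle);
    const key = answersToKey(answers, Buffer.from(b.salt, "base64"));
    const d = crypto.createDecipheriv("aes-256-ctr", key, Buffer.from(b.iv, "base64"));
    const secret = Buffer.concat([d.update(Buffer.from(b.ct, "base64")), d.final()]);
    const digest = crypto.createHash("sha256").update(secret).digest();
    return crypto.timingSafeEqual(digest, serverRecord);
  } catch {
    return false; // malformed or truncated bundle
  }
}
```

Because the site's hash comparison is the only way to confirm a guess at the answers, recovery attempts should be rate-limited per account.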