When you procede to a password recovery, in "framework/security/member.php" it says
$from = ''; // setting a blank from address uses the site's default administrator email
Then in "framework/mail/Email.php" it says
if(empty($this->from)) $this->from = Email::config()->admin_email;
But admin_email is NOT defined in database "siteconfig".
After some research, I found you have to had MANUALY in "mysite/_config/config.yml" something like that :
Email: admin_email: 'firstname.lastname@example.org'
Don't you think that it should be automatic ?
By the way, in "framework/security/Security.php" LOSTPASSWORDHEADER is hardcoded. Whatever the language you use, it will always display the english text hardcoded in this file.