The important things to remember here are as follows:
- Don't let people figure out who has an account
- Don't let someone spam your users with your email server
- Don't allow people to figure out who is registered by brute force attempts
Let's elaborate on the practical examples.