I've gone in and removed mine. I can't be certain but when I signed up (before it went fully public, I think) I don't remember it saying the e-mail would ever be visible (and I used the same unique e-mail address I use for all my Git work/commits). So it's well worth GitHub users double check what they have in their profile "just in case" they entered it at a time they though it'd be private.
They provide e-mail addresses over their regular web interface as well. That's why the e-mail field in the account settings says '(publicly visible!)'. This guy is not outing a dangerous, unknown vulnerability—he's just making it a little bit easier for people to behave like obnoxious asses.
A little while back I got an email from someone using this feature to send out his résumé! Quite an ingenious use I thought, find all X developers near Y and send them a friendly form email customised using other details available from their account (like their name) with your résumé and contact information attached.
5 comments
[ 0.18 ms ] story [ 31.8 ms ] threadhttps://gist.github.com/667651
I don't think it's as bad as the author thinks, given that the GitHub account settings page has "Email (publicly visible!)".