If I remember correctly, revealing if an email address is already in the system is considered information disclosure vulnerability in OWASP tests, presumably because then you can do spear phishing against that email using the information that is subscribed to the service.