It's not exactly guessing if, as the majority of users do, you use the same email address for everything. It's all well and good when dealing with smart people who use good userids and passwords...like mine USED to be, but we're talking about people who repeatedly fail at their own security.

People who look at a post like "lol, so funy! look for self sexleg hot! omg.kennylogginsyourkeys.here/ufackinnewb.exe " and post back "i went like 4 time???? i din't see nuthin? lawlz?"

People who make an account name like HoserMcLuvin and troll all over Curse, WoW, MMOChampion, anywhere WoW related with the avatar name...HoserMcLuvin...with links to their armory and facebook and Twitter and anything else that has their e-mail address {HoserMcLuvin-at-gmail, of course, same password as they use for everything} and random WoW info.

People who will get their butt keylogged over and over again because they don't run anti-virus and don't scan all the random crap they download and don't even know what anti-spyware is or how to format, and share their account with thier friends who are just as stupid.

Blizzard didn't do anyone any favors by moving to e-mail address form. Especially considering how much some of these sites just LOVE to sell e-mail addresses.