All REST calls now require authentication, so this issue is less severe. There is still an issue with translator email addresses being shared with other users. We should ensure that sharing of email addresses in this way is consistent with our terms of service.
Still a problem. User emails should _never_ be divulged to other users, without permission. This also enabled scraping for malicious intent.
Migrated; check JIRA for bug status: http://zanata.atlassian.net/browse/ZNTA-363