They actually anticipated and made accommodations -- you can only get change your "original" email to something else if you've had that other email verified on your account for a minimum of six months. This makes it much less likely for a hacker to be able to pull that off, though still not impossible.
(
Read Comments)