One additional note about the hashed emails: Similar to the newsletter use-case, the only other real reason to store emails in plaintext that I can think of is to send unsolicited emails at any point in the future.
For systems that store both emails and passwords to facilitate login (which stacker news DOES NOT), you can still support features like Forgotten Password/Password Reset without storing the email address in plain text. As ek noted, you just have to use a universal salt for all emails, since the user can't be expected to provide the salt when attempting to login. This was actually discussed on the PR where this support was added.
reply
Thanks for posting. Will check it out later tonight.
reply
Great show! Little bit of background noise though.
reply
Thanks and sorry for the mic
reply