Clearly you must be joking. They should've kept the emails on the server-side the entire time. Then would be a matter of validating the request by searching the email in let's say SQLite. Would it be done? Probably not. But at least it'd be a lot stronger than sending sensitive data to clients every damn request.
Unless it's clearly stated sarcasm gets garbled over the wire. So in the hope of helping those who don't get it I decided to do the right thing just to be on the safe side. ;)
From now on, when you see a post taking the form "Clearly [obviously bad idea]", please read it out loud in The Simpson's Comic Book Guy voice and place extra emphasis on the irony. This ensures you will get the correct intent 99% of the time.
Oh come on, then sarcasm loses its humor. Anyone who didn't get it the first time probably falls into the same category of developer that is being criticized here. :P