My gmail address is a short one, based on my name, and likely similar to many others' names too. For a long time now people have used my email address to sign up to all sorts of stuff. I'm pretty sure it's not purposely malicious... I mean the only way to exploit that would be to have control over google's authoritative DNS servers. But, I often wonder if there is something I am missing. I don't think so, but would be curious to hear others' opinions.
Also, you'd be surprised at how many sites have auth bypass issues when accessed via links in emails. I recently got an email from a hotel in Florida where someone had used my email address to book a room. Using a link in the email, I was able to access the booking details, and could have cancelled, or added a further couple of nights with no further authentication.