Wikispore should not store Wikimedia email addresses
Open, Needs Triage, Public

Description

The way authentication is set up now, users who log in to Wikispore need to authorize the site to retrieve the email address they have set on Wikimedia wikis. This would be used to skip the distraction of providing and confirming an email address, but we can't give strong privacy guarantees so storing email addresses (which can be sensitive information for some users) seems wrong, especially given that most users probably don't inspect the authorization dialog much and might not realize the risk. (Plus, it's not really working anyway - see T254668: Wikispore users do not have email address.)

We should investigate the possibility of not collecting email addresses. T241039: Create an API for sending yourself an arbitrary HTML email would be one option, although it would require considerable work. Another would be to have a separate authorization process (different OAuth consumer) for email, and collect it as an extra registration step, or otherwise separate it.