For example, if a user inputs an incorrect, fake, or otherwise in-accessible email address to register using email registration for their account, will password recovery still work?
In my trials, it seems that the user should input the email address used to register to successfully find the account, but it also seems it try's to send the recovery info to that email, not the contact email. If it's fake or no longer accessible, this seems to make the account irretrievable.