If you try to login to [1] Atlassian with an email that isn't on their system, it will present a signup form.
[1] https://id.atlassian.com/login
Doesn't that mean someone could run through and check if accounts exist for certain emails, then try a bunch of commonly used passwords... or worse run through leaked email/password combinations...