My friend DataSynchronized reported this to me, and I thought I’d post it here.
When you go to your settings page, your email is hidden. However, it is possible to retrieve the email address by going to: Log in to Roblox
Since the email address is used as a way to verify ownership over an account, this could be used to trick Customer Support into turning an account over to someone who isn’t supposed to own it.
That’s pretty interesting. Take off the /json and you get the account page where you have to input your password to change the hidden email. Add the /json and you have the email in plain text.
This has been the case for a long time.
Another way to see the email is by “registering” on rbxdev and going to your settings.
What I noticed though, although I’m not sure:
If you change your roblox mail, your rbxdev mail doesn’t (immediatly?).
(Don’t know if it takes some time, as I changed my email back a minute later)