For a good number of us, a large part of our online identity is tied to our email address. Many places use email addresses as account names or identifiers, and for the most part this works fairly well. As time goes on, though, we tend to leave behind us a trail of email addresses that we no longer own.
We move from one ISP to another, we graduate from schools, change jobs, join and quite organizations. Email addresses come and go, and we generally manage just fine. What happens, though, when those email addresses are recycled? For instance, perhaps you were jsmith@youruniversity.edu; when will that email address be assigned to a new student?
This becomes a concern when you consider that password reset functionality often uses access to your email as de facto authentication. That is, when you tell a web site that you've forgotten your password, it will send a "reset" code to your (previously entered) email address. Using that reset code gives you full access to your account. Or it gives whomever now owns that email address full access to your account.
Here's some FUD to sleep on:
How much spam today is geared to watch for "abandoned" accounts? Email that is sent to an account that does not exist will often generate a bounce telling the sender that delivery failed. Email addressed to an actual account, barring gateway spam filters, does not generate a bounce. A spammer could watch the bounce backs his spam generates (through a bot, of course), and when an account that never generated bounces before suddenly starts bouncing his email, he might conclude that the account has been canceled.
The spammer could then try to establish a new account with that name. Or perhaps the domain expired and the spammer buys it and reinstates the email address. If successful, the spammer now has a piece of someone else's identity. Then he starts using that email address in requests to reset passwords at major sites. Should he get lucky, he might find himself in possession of a fully functioning Amazon or eBay account complete with stored credit card numbers and 1-click-buy functionality.