Only email is needed to check if user exists [vulnerability?]

In user’s settings > sharing tab is feature to transfer ownership to another user.
If autocompletion in admin settings is turned off, then you will need either whole username or email address to find user.

Don’t you think, the fact that you only need email address to check if that user exists in DB is too much? What if someone has hundred of emails that is interested about for some reason and will check each of them? It’s a big chunk of information.