function user_pass_validate(); disclosure an exist of account and email address on the site.
how to reproduce:
https://drupal.site.com/user/password with captcha enabled. type any email/account you want to check
form errors:
What code is in the image? field is required.
Sorry, admin@sitename.com is not recognized as a user name or an e-mail address.