Hi @robertdhero ,
There are 2 major potential security concern I can think of:
- Account Enumeration Concern: Attackers could try to discover valid accounts.
- Automated Account Creation Concern: Bots could create many accounts automatically
There are ways you mitigate account enumeration or Bot attack. Here is post on Auth0 community you can refer: