As per discussion on https://chat.civicrm.org/civicrm/pl/bsu5ff88ypnm38eaqjgqdnx7re
The plugin only locks out firstname/lastname, but not email
We run CiviCRM with WordPress, and many of our public forms - event registration, donations, membership, volunteer signup, and Form Builder (Afform) forms - can be used while someone is logged in AND logged out (event registration for example). The issue is that CiviCRM appears to treat email on these forms as a normal profile field and will update the contact’s primary email when a logged-in user submits a different value. That’s led to people changing their primary email without meaning to - then on the next logon they aren't able to access their account anymore.
We’re trying to understand whether others have hit this, what the recommended approach is, and how to handle cases where the same form is also used anonymously or for registering someone else (another participant, on-behalf, etc.). I'm investigating the usage of hooks to solve it, but it seems like something that others would have come up against?
The screenshot on this plugin is probably evidence enough that the email doesn't get locked out, only firstname/lastname

As per discussion on https://chat.civicrm.org/civicrm/pl/bsu5ff88ypnm38eaqjgqdnx7re
The plugin only locks out firstname/lastname, but not email
The screenshot on this plugin is probably evidence enough that the email doesn't get locked out, only firstname/lastname