When self-activation or admin-activation of user accounts is required, but email-changing is disabled: The email field does not appear on the UCP -> Profile -> Edit Account Settings. Suppose the user manually adds an 'email' field to the form (e.g. via Firebug) then submits it. While the email address does not get updated, an activation email is sent to the new address (if user-activation is enabled), or to admin email addresses (if admin-activation is enabled).

The bug is in includes/ucp/ucp_profile.php on line 136. It currently reads:

if ($config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))

It should be (add *$auth->acl_get('u_chgemail') && * ):

if ($auth->acl_get('u_chgemail') && $config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))