Good find. However, handing out own adresses for such tests bears a minimal risk in itself.
I tested some older, non-vital email adresses, and got a security breach for one from 2014, by Malwarebytes. Not sure how to interpret that.
Do I interpret it correctly that this means that somebody hacked Malwarebytes back then and stole email adresses from their database with customers?