Well I didn't think about the second case, but I guess if it's financial/legal, there are some other validation steps (such as a copy of your ID) so I don't really see any reasons to validate an e-mail. Of course unless the only info you'd provide to the government/bank/medical clinic would be e-mail, then you should cut out any disposable e-mails.
If your app suffered a breach, then those who uses disposable e-mails does not care about that at all. That's why they used disposable e-mails: "If it leaks, it leaks. I'm safe."
Regardless, thanks for your answer :)
With regards to your first point, you would think so, however I've dealt with systems that actually didn't require other forms of identification, yet still had regulations about email. Crazy, but it does exist!
Yeah, I reckon you're probably right about your second point, however, there is always the possibility of "data creep". You sign up with a disposable not intending to do much with the app, then over time you start adding more real data, but never remember to change the email address (particularly if you login with a username instead of an email). The breach occurs, important data of yours is stolen, but we can't contact you. Admittedly, this is more of a "what if" scenario, but there you go :)
And you're welcome :)
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.