This is not an excuse for most of the sites (including Codecademy) because when you follow the "Forgot password" link and type in an email address, they instantly tell you whether that email address exists or not.
If you are displaying a message such as: "If the email address you provided is registered, you will receive an email shortly." then fine :)
* avoiding giving away this piece of information on the forgot password screen
or
* telling the user whether it's their password or username that is wrong.
You might want to take a look at this security stackexchange question http://security.stackexchange.com/q/13079/7306
update: I noticed this was in fact mentioned on / added to the blog post.
You might increase usability slightly, but in exchange you are allowing attackers to cut the work they need to do to compromise your users accounts in half. If you use email addresses for login, you are also allowing spammers to verify valid email addresses against your system for spam or phishing attacks later on.
Just added this at the end of the post for clarification.
I think it really depends on the type of site and its concerns about security. I'll give you two extreme examples:
* A hobbyist site for knitting, targeted at elderly people. Perhaps it should care more about the user experience, helping people to login even if they made a typo, than to protect from hackers finding out which email accounts exist on the site.
* Some bizarre highly-personal fetish site. Knowing whether or not an email address is registered on this site is in itself something worth protecting. Not to mention increasing the chances of then being able to hack into one of those accounts.
Basically what I'm saying is that security is almost always a trade-off, and it depends on the site and its user expectations.
A) They emailed you the notice (most likely this email), and
B) Most people only use one email address for personal stuff. Work emails don't count.
