Security - Information Disclosure via Forget Password
It's possible for attackers to detect valid email addresses for Eclipse accounts by entering emails in the forget my password form because the response is different if an account was found or not.
The recommendation is that we should always return a status message like: "If your email exists in our database, you'll receive a reset link". That way an attacker cannot distinguish between the two cases.