Triggering password reset seems harmless, unless of course the attacker has access (or can snoop on) your email traffic.
"Harmless" might be overreaching.
If someone wanted to move the Gox price, locking out as many accounts as possible on a low volume trading day just might make that even easier.