This is something we recently started doing. If email sent to your email address bounces with an error message like, "This email address doesn't exist", then your email may eventually be changed to u...@bounces.invalid. (It's not possible for users to change their email address to something ending in .invalid, so this can only be an administrative change.) Because your old email didn't exist, somebody could've registered your non-existent email address and used that to steal your account.

I didn't particularly intend for the trust warning to appear for these automatic changes, but it's a niche situation and a bit difficult to fix, so I probably won't fix this unless several other people complain. It only lasts 30 days, after all.

Longer-term, I would also like to do something about emails where the domain times-out or returns a "temporary" error in like 3 of the last 12 months or something like that. If you register with an email like asdfwerwe@werwetwerwer.com, then somebody could register werwetwerwer.com and steal the account that way. But this issue isn't on my short-term to-do list at all.