Sort:  

It's a way to help them prevent the person who just steal the password to initiate the recovery process claiming they are the real owner of the account. They don't really need it if they can prove the identity of person trying to recover the account by another mean, in fact the email is far from being the best way but for Steemit it can help.

Anonsteem uses other means and other recovery partners could also use other means.

I know, it's a bit another issue but I have a question though.

Is it possible to get back STEEM I have sent by mistake to an account?
E.g. I sent STEEM to @minnowboster (https://steemit.com/@minnowboster) with one o instead of @minnowbooster with 2 o's?
I mean, there should be an option to reverse your actions within a given time frame.

the email is the second factor authentication on the identity part of the account and other security mechanisms for anonymity.