To me the difference is the intent - I didn't intend on entering someone else's account. If I'd tried to log in with a password/email, it would have told me the account already exists, or prompted me to reset the password, and then I'd need to request that and knowingly invade the account. This way I just walked right in without even knowing what I was doing - I didn't realize there was even a problem until I went "hey, that's not my phone number!".