Yes, but even if the referenced security risk is patched you would still be able to find out if some has an account or not since a password reset page will tell you if it has successfully sent an email to an account.
A good password reset page would not disclose such a fact (it would return a successful response with a message "if this email exists, we'll email you" regardless of whether it actually exists) however attempting to create an account would disclose that fact by rejecting an account creation attempt with an existing email, unless they use emails purely as communication channels and accounts are uniquely identified by username/account number instead.
>however attempting to create an account would disclose that fact by rejecting an account creation attempt with an existing email, unless they use emails purely as communication channels
They can tell the user to await an e-mail from them with the confirmation link. Then if the e-mail address is already in use, send an e-mail saying, "somebody, probably you, tried to register as <new-username> on <site> but we have you down as <old-username> already". Otherwise, send a normal confirmation link.