I’m a Security Engineer at Mondo.
The risk you are describing is called user enumeration. If the knowledge that a given user has an account could be damaging to that person (e.g. on a pornography website) then user enumeration should be mitigated in the way you describe (not distinguishing between there being an account or not).
However, for sites that do not have this risk, it is no longer considered best practice to make such a distinction. If you try and log in to Google or Facebook you’ll notice that they both distinguish between the email existing or not.
The only semi-practical attack is a targeted phishing attack. In reality, a phisher usually does not care whether a victim has an account with the service or not - they cast a wide net and hope to catch some users. We (as in the Mondo service, not the community forums) mitigate this by not having passwords to phish in the first place.
So, whilst the security benefits are small, the usability benefits of making a distinction are clear - it can get very frustrating if you can’t remember which email you used and you don’t know whether the email hasn’t come through yet or you typed the wrong one.
This is a bit tangential but at some point I’d like to write a blog post on our long-term plans for authentication. We want to make the process as smooth as we can for 99% of people whilst keeping your account secure.
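Added example, not part of the original post and not Mondo's code: a sketch of a passwordless "email me a login link" handler under both policies discussed above, with a self-check that reports whether the response reveals account existence. The function names, response texts, status codes and addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: these accounts and addresses are made up.
ACCOUNTS = {"alice@example.com"}
SERVER_KEY = secrets.token_bytes(32)


def _login_token(email: str) -> str:
    """Build a one-time login token; computed whether or not the account exists."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{email}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def request_login_link(email: str, outbox: list, distinguish: bool) -> dict:
    """Handle a login-link request under either policy (hypothetical handler)."""
    email = email.strip().lower()
    token = _login_token(email)
    known = email in ACCOUNTS
    if known:
        outbox.append((email, token))  # mail only ever goes to real accounts
    if distinguish:
        # Usability-first policy: say so when the address is unknown.
        if not known:
            return {"status": 404, "body": "No account uses that email address."}
        return {"status": 200, "body": "Check your inbox for a login link."}
    # Enumeration-resistant policy: identical status and body either way.
    return {"status": 200,
            "body": "If that address has an account, a login link is on its way."}


def leaks_account_existence(handler) -> bool:
    """Self-check for your own endpoint: do known and unknown addresses differ?"""
    known = handler("alice@example.com")
    unknown = handler("nobody@example.com")
    return known != unknown
```

The self-check compares only status and body; a real endpoint should also be compared on headers, redirects and response time.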