The whole thing makes me paranoid to even submit an email addy or a password on HIBP because once I do, it's now "in the system." It doesn't help that the dude is affiliated with Microsoft, which has long been the source of most of my computing woes.
And having done so, it makes me vulnerable to being marketed by every password protection and security service out there. Why? Because I just gave them my email address. And if I sit at the same computer and give them email addresses and passwords from the same IP, well, you can figure it out.
I don't trust anybody in this particular domain. But what a way to build password protection business.