Say one create a new email ID and never gives it out to anyone and the sole purpose for it is to recover password for other email accounts that have been used to sign up on sites and newsletters, how much would it reduce the attack surface in case a site with the email is compromised and leaked?