I don't think saying "but these popular sites let you enumerate registered email addresses via this other form" is justification to be lax about protecting against user enumeration attacks on your own site.
The actual take away should be more like "I found a security issue in the registration form of these popular sites, they should fix it"
Enumerating valid emails, even if rate limited, lets an attacker build a contact book for targeted phishing attacks, connecting leaked passwords, brute forcing and is also useful in recon to determine what sites a person may have an account with, and more. It's worth protecting against as much as possible.
The actual take away should be more like "I found a security issue in the registration form of these popular sites, they should fix it"
Enumerating valid emails, even if rate limited, lets an attacker build a contact book for targeted phishing attacks, connecting leaked passwords, brute forcing and is also useful in recon to determine what sites a person may have an account with, and more. It's worth protecting against as much as possible.