Hmmm... I don't think so? I honestly never considered that possibility. My only concern would be accidentally leaking whether a login username/email is valid depending on your strategy for returning salt for invalid usernames. That should be able to be worked around though.
