Sorry, I didn't notice you had responded. I think maybe you're reading too much into adding JWTs to emauth.io. It simply provides another source of information, i.e., that as of a certain time, emauth.io verifies that the holder of this token had control over the email address. Implementations can do whatever they want with that information, depending on their threat model. And since previously the API was returning a fairly redundant text response (status code already tells you whether verification was successful), returning the JWT doesn't interfere with the previous functionality.