(others, just Google)
Maybe we can find a better simple solution they can use? If they don't have that feature many people will be frustrated.
Just as a reminder, if you are sending email verifications out anyway, there is no point in validating email addresses manually.
Certainly when it comes to security, authors should do their best to ensure users of the tool are educated, when there's a security issue with any large software product, particularly open source, that's mostly down to poor configuration or ill-informed users, the authors are instantly criticized, but I think it should be the same for any general features in a tool that targets a specific functionality. This particular "best practice" is quite easy to find, and the tool is very specifically targeted towards validation, yet has something that's against best practice and could potentially cause frustration for people who use this tool, and people who use the stuff created using this tool.
If somebody is interested in the code, you can have a look at the github project.