The problem is the convenience tradeoff. Take a site that has an instant green/red indicator that a username is already taken. People love the instant feedback, but it creates an attack vector. If you had to wait around for an email to see if you had already signed up - I bet a "Show HN" would have people here telling you that your site was user hostile! Even though it is unquestionably more secure.
I do think what Coinbase is doing now is not out of line with standard practices. But for a financial site they might be wise to start erring in the direction of security at the expense of a little convenience.