I do not want to discuss the pros and cons of email validation, but want to know if there are any potential downsides (security and otherwise) to a user entering his password only after he has already validated his email address (clicked the activation link)?
The flow would be:
User enters email address.
User validates email address through the activation link he received to his inbox.
User enters password.
User accesses the web app for the first time.