I'd like to code a combined sign in/up page like the one in the picture below.
My colleague said this will allow spammers/hackers to see what email addresses are registered with our system and this is bad.
But surely this is no different than the way hackers can check email addresses on a normal sign up page where it says 'this email is already in use'.
Is my colleague right? Is my design more dangerous? If so, why, and how can I alter it to keep the one-page minimalist UI but still be safe?