No, this is a user enumeration vulnerability.
As an attacker if I can use your login or forgotten password page to narrow my list from 10000 targets to 1000 targets, I will.
The best implementation to solve this I have seen is that both the sign up and the forgotten password forms are a multistep process (exactly the same back-end/process after the initial form).
The form starts with a single field asking for email address. The user enters foo@example.com
and then clicks submit. Then they are displayed the same page asking them to check their email account.
If the user is already registered, they get an email containing a password reset link with a random token that expires in a few hours.
If the user is not registered, they get an email containing a registration link with a random token so they can continue the sign-up process. As a bonus, you've already validated their email address for when they later forget their password!
No-one that does not have access to the foo@example.com
email account can determine whether the user is registered or not.
Check out the example on Troy Hunt's blog post on password resets and the username enumeration vulnerability on alotporn.com
for a good example of how important it is to meet the user's expectations of privacy.