Any user, even an editor, can edit their own profile and change its email address. The backend has no mechanism to verify the similarity of users' emails, so an editor can set their own email to one similar to the admin's email and then use the "forgot my password" function to receive a new password. However, only the admin's password is changed, and the letter with the new password is sent to this email. By using an alias for the admin's email, an editor can receive a new password for the admin's profile.
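One way to add the missing backend check, shown as an added example that is not code from the affected application. The names `canonical_email`, `update_email`, `reset_target` and the sample accounts are hypothetical, and the alias rule (case-insensitive, `+tag` ignored) is an assumed policy.

```python
# Added example: hypothetical names and constructed data, not the affected project's code.

class EmailInUse(Exception):
    """Raised when a new address collides with another account."""

def canonical_email(addr: str) -> str:
    """Reduce an address to a comparison key.

    Assumed policy: trim, lowercase, and drop a "+tag" suffix from the
    local part, so look-alike variants of one mailbox compare equal.
    """
    local, sep, domain = addr.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    base = local.split("+", 1)[0] or local  # keep a local part that is only a tag
    return base + "@" + domain

def update_email(users: dict, user_id: int, new_email: str) -> None:
    """Change a profile email only if no other account owns its canonical form."""
    key = canonical_email(new_email)
    for uid, user in users.items():
        if uid != user_id and canonical_email(user["email"]) == key:
            raise EmailInUse(new_email)
    users[user_id]["email"] = new_email.strip()

def reset_target(users: dict, requested: str):
    """Return the single user id a password reset applies to, else None."""
    key = canonical_email(requested)
    matches = [uid for uid, u in users.items()
               if canonical_email(u["email"]) == key]
    # Refuse to reset anything when more than one account matches.
    return matches[0] if len(matches) == 1 else None

# Constructed sample accounts.
USERS = {
    1: {"role": "admin", "email": "admin@example.com"},
    2: {"role": "editor", "email": "editor@example.com"},
}
```

The same canonical key should also back a unique constraint in the user table, so that the check holds for every code path that writes an email.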