Yes, that's what you are _trusting_ them to _only_ do. Which you shouldn't. I know, I pointed that out myself a few posts before yours. The point is, this is a potentially critical security vulnerability as bad as posting your address in plaintext (because you literally are), and I will always point out that's a bad idea. See my signature.