So? Sending email is free; you can just send the email without knowing if the address is correct or not. Change the "| md5sum" to "| xargs mail" and you don't need the Gravatar hash anymore.
It's not for spam, it's for privacy. Entering your email in a field that says "will not be published", and they generates an avatar, actually party publishes your email address, which is bad for privacy.
Say, you suspect that Alice on stack overflow bad-mouthing software vendor "HAL", claiming impartiality, is really Eve, working for competing software vendor "Moon", you might be able to confirm that by using your knowledge of moon.com e-mail addresses, and checking the hash of eve@moon.com, causing SO to breach the privacy Alice/Eve expected when signing up.
Either Alice on stack overflow is tying her profile there to her real-world identity, or she shouldn't be signed up for Gravatar. The whole point of Gravatar is to persist a single identity across multiple sites, so I cannot imagine why you would tie a secret or fake identity to a real identity (your email) that you did not want associated with it.
Technically, yes, this article is correct. The Gravatar FAQ even discusses this issue, IIRC. But in practical usage, I can't imagine how this would prove important.
If I now that someone is called John Doe the result space is almost the same with or without gravatar's hash. It's nothing a brute force attack can't handle.
