Mojira Archive
WEB-1201

Original e-mail address on "Change E-mail" page can be manipulated

The original e-mail address field on the "Change E-mail" Mojang account page can be manipulated by simply using Chrome's Web Debugger. This makes it possible for attackers who have access to a Minecraft account to change the account's e-mail without the original owner knowing that their e-mail was changed, because the recovery e-mail will be sent to a completely different e-mail.

Reproduction steps by Marcono1234:

  1. Be logged into a Mojang account and visit the "Change E-mail" page
  2. Edit the value of the hidden input originalEmail HTML element to a different e-mail [1] than the current one
  3. Enter a new e-mail address [2] as "New e-mail address" and click "Request e-mail change"
  4. Check the e-mail inbox of the new e-mail address [2] and confirm the e-mail change (The e-mail says that the account's e-mail address is being changed from [1] to [2], the e-mail address of the original account owner is not mentioned)
  5. Fill in [1] as old and [2] as new address and click "Proceed"
  6. Page says that e-mail address was successfully changed, original owner will not be notified of this change

Video showing the issue:
https://youtu.be/uYVmJ68xzPg
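As an added illustration that is not part of the original report or of Mojang's code, the Python sketch below contrasts a handler that trusts the posted originalEmail field with one that takes the current address from the server-side session, notifies that address, and records any mismatch for detection; the account store, session id and e-mail addresses are constructed.

```python
from dataclasses import dataclass, field

# Constructed sample account store: server-side session id -> account record.
ACCOUNTS = {"sess-123": {"email": "owner@example.com"}}


@dataclass
class Mailer:
    """Stand-in mailer that records (recipient, subject, body) tuples."""
    sent: list = field(default_factory=list)

    def send(self, to, subject, body):
        self.sent.append((to, subject, body))


def request_change_vulnerable(session_id, form, mailer):
    """Mirrors the reported bug: the hidden originalEmail field posted by the
    browser is trusted, so the confirmation names an attacker-chosen address
    and the real owner is never contacted."""
    original = form["originalEmail"]  # attacker-controlled via the debugger
    new = form["newEmail"]
    mailer.send(new, "Confirm e-mail change",
                f"Changing account e-mail from {original} to {new}")
    return original  # the value the later "Proceed" step compares against


def request_change_hardened(session_id, form, mailer, audit):
    """The current address comes from the authenticated session's record; the
    posted originalEmail is only compared against it, never used."""
    current = ACCOUNTS[session_id]["email"]
    new = form["newEmail"]
    posted = form.get("originalEmail")
    if posted is not None and posted != current:
        # An unmodified form always posts the real address, so a mismatch is
        # a tampering signal worth logging for the security team.
        audit.append(f"originalEmail mismatch for {session_id}: "
                     f"posted={posted} current={current}")
    mailer.send(new, "Confirm e-mail change",
                f"Changing account e-mail from {current} to {new}")
    # Also notify the address being replaced so the owner learns of the change.
    mailer.send(current, "E-mail change requested",
                f"A request was made to change your e-mail to {new}")
    return current
```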

Fixed

nunovskiiii

[Mojang] Web Team

2019-01-13, 08:02 PM

2019-04-24, 01:56 PM

2019-04-24, 01:56 PM

0

1