On a new site, if mail configuration is broken (e.g., not activated in Mailgun), the admin can’t get an email to log in and cannot see the mail logs to diagnose the problem.
For as long as I’ve known about WordPress, its start-up flow just lets the first person who creates an account be the admin. Apparently this hasn’t been a significant security problem for that platform. Since Discourse further protects sites from hijacking via the DISCOURSE_DEVELOPER_EMAILS variable, I see no security downside to bypassing email verification for addresses in
If those addresses bypassed email verification, admins could immediately log in to be able to check email logs to diagnose email problems.