Ugh, I had to do this once on the sign up page at a small company I worked for about 10 years ago. Ever since then, I've been weary about beginning to fill out any forms unless I really, really want them to have the info. I still think its messed up to store user data that hasn't been submitted.

Yeah, there are shady techniques from companies offering cart abandonment solutions that do exactly that (e.g. VEInteractive). If you type in an email address and don't submit the form, they'll still send you chaser emails.

I think there are valid reasons to store incomplete form data, but I don't think it should be used for reasons the customer did not intend (e.g. receiving emails).

This one is interesting. Looks like they don't send any requests for username. For email address, they have a delay before sending to the server to see if it's a used email address (if you type quickly enough, it will only send a single request to validate the email).

For password, they start sending every character you type once the field has 6 characters in it. It then sends your full form details on every keypress (plus it has a delayed send to the same password_strength call, similar to what they do for emails). So if you type your password slowly, it will send your details twice for every keypress.