Restricting the ability of users to change the email address associated with their USPTO.gov account is not optimal. People move from company to company, firm to firm, and will need to use their business email address as their account address. It is not practical to require users to contact the Office to make a change that should be allowed electronically.
The Office already requires users to change their password every 180 days and to answer security questions to reset forgotten passwords. What is the reason for not allowing similar security questions for changing the user's email address? This doesn't make much sense.