
It can be viewed as a security vulnerability, as many folks use the same password everywhere. As such, if somebody compromises your user database, they now potentially have a recoverable password and a plain text email address to go with it. This potentially compromises all users' email accounts, as well as other services that use email as username, such as PayPal accounts.

If email addresses are obfuscated in some way, the difficulty for an attacker is increased.

The tradeoff in convenience is that you force a user who has forgotten their password to remember what email address they signed up with in order to recover it via email.
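The tradeoff above, as an added example that is not part of the thread: a user table holding only a keyed hash of each address. Recovery still works when the user re-types the address they signed up with, but the records themselves contain nothing to mail to. The HMAC with a site key kept outside the database is an assumption of this example; a plain unkeyed hash of an address can be reversed by guessing common addresses.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed key for this example; in practice it lives outside the user database.
SITE_KEY = b"example-site-key-kept-outside-the-database"


def email_token(email: str, key: bytes = SITE_KEY) -> str:
    """Normalize the address and derive a fixed, keyed lookup token from it."""
    normalized = email.strip().lower()
    return hmac.new(key, normalized.encode("utf-8"), hashlib.sha256).hexdigest()


# Constructed user records: only the token is stored, never the address itself.
USERS = {
    email_token("Alice@Example.com"): {"username": "alice"},
    email_token("bob@example.org"): {"username": "bob"},
}


def start_password_recovery(entered_email: str) -> Optional[dict]:
    """Look the account up by the token of the address the user just supplied.

    The reset message can only go to that supplied address, because the table
    has no plaintext copy. Returns None when no account matches.
    """
    record = USERS.get(email_token(entered_email))
    if record is None:
        return None
    return {
        "send_to": entered_email.strip().lower(),
        "username": record["username"],
        "code": secrets.token_urlsafe(16),
    }


def mailable_addresses() -> list:
    """Shows the cost: nothing in the table can be used to email users proactively."""
    return [rec["email"] for rec in USERS.values() if "email" in rec]
```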



"Obfuscated in some way" implies that it's reversible, which simply means that it's just going to take a little bit of time to unobfuscate the database--in other words, it's probably not worth it.

Hashing an email address would be pointless because the email address is no longer usable to do things like, you know, send email to that person. As such, the only real option is to store it in plain text--and that makes the most sense.



