Hey Ben,
Yes, so much so that we prohibited it in our house rules [1] and build a custom user check integration to detect and block them [2] due to various abuse (working around rate limits, masking single source of vexatious requests, inauthentic behaviour, etc).
It's worth noting that we consider there to be a difference between disposable email addresses (i.e. stops working after a period of time) and a relay address (e.g. Apple's hide my email). At least in its current form, Alaveteli requires a working email address in order to receive updates on your requests. For disposable addresses these updates won't get received, so there's a fairly strong case to make that the requester isn't interested in the response, therefore is submitting requests vexatiously (appreciate you could manually check the site every day, but this feels like an edge case). We're a bit more undecided on relay addresses as we understand the privacy benefits, but they essentially cause us similar problems.
We understand there are legitimate reasons for wanting to use them, but it's not something we can support given our current capacity.
At some point I'd like to look at making a policy distinction between signing up to make requests vs other site activities (tracking, submitting body updates, etc), requiring a higher level of trust for the former (real email address, stronger account security – that kind of thing), but we don't have any actual plans/funding so there's no timeline on that; just some ideas.
Best,
Gareth