It's very unlikely that two people with the exact same username will
pick the exact same lame password.
If they do, then they could have logged into each other's accounts
anyway -- so it's high time for them to figure it out. ;)
They couldn't log into each other's accounts without knowing they had
the same password, except by guessing. They wouldn't know that until
this new special page told them. It's highly unlikely, sure, but not
impossible. I doubt there are many people with accounts with the same
password but different email address, so the gain is minimal. I don't
think that minimal gain is worth the, admittedly small, chance of
giving someone access to someone else's account.
The code is guessing that two accounts with the same username and
password are owned by the same person; it's very likely, but it isn't
definite, so it is a guess. Just because two accounts have the same
password doesn't mean that knowing one means you know the other, since
you don't know they are the same.