When presented with the option to log into a website or app with an email address or phone number, would one be considered any more secure than the other? I think email addresses tend to be more public and therefore more prone to exploitation. Thoughts on this?