The Roles system in 1.7 has a capability defined as such:
allows a user to view other user's profiles in context
This role seems to offer the ability to permit or restrict access to view users profiles (which would include a user's email address). In my Moodle 1.7 installations, however, this capability will not restrict users from viewing profiles (whether at the site or course context). Even assigning a newly created role to a user who has no other roles in the system and applying the prohibit permission to that capability in that role will still allow the user to view a user's profile.
Is this is the intended function, what is this capability supposed to do, or if not I believe there might be a bug in the way this capability is functioning.