In https://partners.shopify.com a Partner must validate his email address prior making a request to manage a store. An email is then being sent to the Shop owner and it only includes the Partner's Business Name and it also links to the Collaborator Request Review to either accept or decline it.
Taking that into consideration, if a Partner's change his email address without validating it once a request is sent, the Shopify shop owner's is being displayed the non-verified business email which could lead him to accept a malicious user.
As a side note, this also leads to Information Disclosure (https://hackerone.com/bugs?report_id=853919) as if the above process is done and you do change the Partner's email to let's say email@example.com, once the Collaborator Request is accepted and you Log-in through the Partner's dashboard, you'll be shown firstname.lastname@example.org stores into the dropdown.
A Partner's is being able to spoof his confirmed email address by a non-verified one in store management request