I am seeing this behavior in CiviCRM 1.8, but it may also be the case in 1.9. I would need Drupal administrative permissions to be able to fully verify this in the demo (though I did indirectly produce some evidence that it is an issue in the 1.9 demo).
When a CiviCRM contact's primary e-mail address is edited, that change is reflected back to the corresponding Drupal user account ($user->mail), assuming there is a match between that CiviCRM CID and a Drupal UID. This is good behavior, except that the change appears to be made without invoking the 'update' operation of the hook_user hook in Drupal.
One consequence is that CiviCRM can set the Drupal user's e-mail address to identical to that of a second Drupal user account. In Drupal, it is normally disallowed to have two users with the same $user->mail value. Many drupal modules rely on that unique property of the e-mail address as a secondary identifier for a Drupal user.
Of course this involves some user error to change one person's contact record e-mail address to that of another person, but CiviCRM should invoke hook_user which would validate against that value being carried over to the Drupal user account.