The form validator seems to have a really loose email validator. foo@bar validates as an email address. This is only useful for things like user@localhost. IMHO this isn't necessary for CiviCRM. Having such loose validation rules increases the spam problems with public newsletter signup forms.