Right now the coin lock feature is currently useless because someone with the password can just change the email.
Then they can log into your account, receive the coin lock message, use the new email to remove the coin lock, etc...
If you require the security question/answer to change the email address you would have an addition layer of security.
This would make the coin lock a much more valuable feature.