Okay, I took a breather, I don't want to be angry.
Company X that I frequent runs at least 100 blogs, all of them they managed their own subscriptions, which is not hard.
Setting up postfix is such a common task that the Internet is full of howto documentation, anyone who can't figure it out shouldn't be running a blog on their own but should be using a managed host where they can submit a ticket to get a mail server. So I have trouble understanding the need for jetpack to manage subscriptions. But anyway...
This company manages their own blogs and their own subscriptions to them. A new blog went up, I commented the same way I always have and clicked on the confirm not realizing it came from wordpress.com until after I clicked confirm. That was my failure, I should have paid more attention, but I figured new blog - probably just a configuration error.
I don't actually run wordpress, I install it occasionally when I need to write a plugin for someone (and curse at stuff like emulated gpc_magic_quotes and lack of ability to re-use a prepared statement) so I figured it might have been a mistake on setup.
Went to another blog, one 5+ years old (same Company X) and commented - and subscribed to thread I was commenting on. Confirmation came from WordPress.com.
Suddenly I felt violated. I just changed my e-mail a month ago because of too much spam, and this new address I was trying to keep with companies I trust - and I trust this company X - and their policy says they don't share with third parties and I know the owner and she's serious about privacy yet here my address was shared with a third party.
Can you understand why I felt violated?
Their blogmaster contacted me, it was a mistake, she didn't realize enabling your plugin was going to violate their privacy policy.
I'm willing to accept maybe your company is not as sinister as I am imaging, though the ability to track via gravatars is very scary indeed and I think wordpress core should address that - obfuscate by default unless a user opts to have their real e-mail address used - but I'm willing to accept the fact that I felt really violated by having my e-mail exposed may have caused a harsher reaction to jetpack than was warranted.
But I still strongly believe it needs to be made very clear to users when a plugin is going to share their e-mail address with a third party. It needs to be made crystal clear before it is shared with that third party. Give us the option out.
For your own information, the first run-in with wordpress.com that I had - that made me not like you - I use to happily use several blogs hosted by you, then one day I made my own, and as soon as I did - I could no longer comment on those other blogs without logging in and I did not like that, and I couldn't even delete my account to go back to the way it was where I didn't have to log in to comment. It seemed invasive that you required me to.
This sending of e-mail addresses to your servers without asking is also invasive.
You might do well to look at some of your policies from the perspective of us users.