A bit more than "exposed"
"The organisation learned of the hole when some of its volunteers started receiving emails offering them jobs. Those offers were sent by “a technical recruiting firm in Singapore” and volunteers wondered how the company had found their addresses."
In this case, not only have the emails been "exposed", they were also leaked. A bit more serious, then.
"One small upside is that the organisation says it doesn't store email addresses for kids under 13, the target market for the Hour of Code. So there's nothing there for hackers or recruiters to find."
How is that possible at all ? I registered to this service not long ago, and I absolutely were not presented with filling up my date of birth.