But you can do password recovery on every service they've ever used with that email and get any private info from that service.
Yahoo should define "dormant" as an email that hasn't RECEIVED email in over X years. Also they should lock the dormant email addresses for 5 years before releasing them to new users.