You know... the more I think about it, the more I like it. I've never created a hack before, but I sure would like to at least help on this.
We have a bunch of code in ubb_lib_misc.cgi (starting at line 54) that finds the login and password for a user when they enter their email in public_lost_pw.pl (when they click the link, "lost password?").
I think it's pretty clear what you want to use for content. Starting at line 112:
$match_results .= qq!
$vars_wordlets{login_name}: $user_profile[0]
$vars_wordlets{password_field}: $user_profile[1]
!;
$match_results_html .= qq!
$vars_wordlets{login_name}: <b>$user_profile[0]</b>
$vars_wordlets{password_field}: <b>$user_profile[1]</b>
!;
If we can figure out a way to mimic how the system passes the email address into that section, we've won more than half the battle. The only thing remaining is to create the radio button in cp_email.cgi and some if/else logic behind it.