Hi Michael,
1. The ASP.NET login control is designed to bind to and call methods on a MembershipProvider. I do not know if the SqlMembershhipProvider that ships with .NET can be configured to use email or username, but the mojoMembershipProvider does do this according to sitesetings configuration and I have added logic to show a different label according to whether a username or email is being used.
2. Of course upon postback server side validation of the entered credentials will occur. If configured to use email for login we add this validator as it can save us a postback if the user doesn't type a valid email address.
Hope it helps,
Joe