During development you can use your customer's email address or Stripe id with the customer portal. When you are ready to take it live you must switch to secure mode (or anyone could check whether an email address is one of your customers). Secure mode can be configured in either the "Configuration" or "Snippet" section of the Customer Portal edit screen (as shown below).
Encrypting customer data
Once enabled, you must encrypt your customer's email address or Stripe id before passing it into the Customer Portal snippet.