SOAP and Rest API accept any string value including invalid email addresses in email field

We have recently discovered that although Marketo has validation rules for the email field when you enter the information directly into Marketo or attempt to update and email address those same validation rules do not apply when the API is used.  We discovered this defect when we noticed data corruption while merging possible duplicates.  In our case the value entered into the email field was "Array" because there were multiple email addresses stored in the email field that was mapped via our Sugar CRM connector. 

Although Sugar CRM has validation rules on their side which would not allow Marketo to push invalid emails into Sugar, Marketo's API does not.

It appears the validation rules in the Marketo interface are the following:

1. Must have at least 1 alphanumeric at the beginning
2. Must have an @ sign
3. Must have at least one alphanumeric following the @ sign
4. Must have a period (.)
5. Must have at least 2 alpha after the period

The API allows any value to be entered.  Marketo support has confirmed that "The expected behavior for both the SOAP and Rest API is to accept any string value passed to the Email field. The same is true for any native CRM integrations with Marketo where a CRM would allow invalid Email Addresses to be stored and as a result they will sync down to Marketo. You'll want to validate the information when it's being captured prior to being sent to Marketo through the API."

In Sugar multiple email addresses can be stored in email1 as an Array.  In our case the word "Array" was inserted into the email field in Marketo in every record where there were multiple email addresses.  At minimum the result is an endless loop of activity in the logs indicating a continues reset of the unsubscribe value.

Has anyone else encountered this?  Does anyone else think there should be validation of the email address field?