Patches are welcome...
Let me try to think it over:
logged in user asks for e-mail change
I save the new address in the session and send a message with an authorization code to the new address
When the user types in the authorization code in a form - in the same session - I can replace the e-mail address with the new one and remove the one from the session.
This way I can make sure tyops don't make problems and I don't need a temporary field in the database.