Password reset emails usually contain a token that expires rather quickly so unless I’m missing something, this should be a non-issue.