I won't be adding the permissions parameter back in. It caused more issues than it solved. I don't recommend removing permission from HybridAuth as it may, at some point, break HybridAuth functionality. It requests the bare minimum for it to utilize its API functionality, but at any rate you're welcome to adjust it with each release.
The email already in use issue is simply that. It's the same as trying to register normally with an email address already registered. It will not automatically link to a user simply because the email matches as that would be a massive security violation. For example you can tell Facebook to send whatever email address you want to the application. So if this was allowed someone could instantly can administrator access, change the email and password, then login to back. So that will never be added. I know some other connect extensions allow this, but CB Connect will not be one of them. To link accounts you need to login normally then use the link button.