Thursday, August 07, 2008

You're not getting it!!!

Jeff Atwood blogs about a practice that goes against security best practices, as does Jivlain: giving a website your email password so that it can get your contact list. Email often contains personal information, and it is also where most of us have forgotten passwords (e.g. Wikipedia) sent. It's a social network antipattern: some services spam your contacts after getting the list.

Even if the site in question has the best intentions in the world, someone who compromises its security will see its users' email passwords.

Sites like this aren't going to get my password!

What alternatives are there? How about using existing APIs:
Google contact API
Yahoo contact API
Windows Live contacts API

