No that's not it, you didn't get my point, here's the explanation for that.

First when you signed up using Google OAuth you don't need to create a password for that, all you need to do is to click your email then you're automatically signed up, so when you try to register the email address using "Email & Password" that is already registered using Google Auth then you'll get an error "Email is already registered" and that's the normal flow of a signup functionality

But in redacted.com even the email is already registered using Google OAuth you can still register it using "Email and Password", and this lead to access the account that is registered using Google OAuth

for the $5 bounty I appreciate that since they don't have a bug bounty program but still they rewarded me