the code for the triggers is slightly different:
at line 26, the trigger for validation is:
if (isset($_POST["homePage_submit_x"])) {
at line 50 the trigger for the email is:
if ((isset($_POST["homePage_submit"]) || isset($_POST["homePage_submit_x"]))) {
What this means is:
Validation will trigger on an image element type named homePage_submit.
The email will trigger on a submit button OR image element type named homePage_submit.
a hacker could bypass validation by creating a local copy of your form set to submit to your server that uses a submit button, it would bypass the validation but still trigger the email.
i updated both triggers so that the use the same code, this should prevent the problem.
Most likely, you have an older version of Data Bridge that was used to create the form.