I just want to make something here clear.
Everything you give to WHMCS because your a business should be publicly available anyway.
Your account email should not be, nor should any billing details, but all the rest should be. If you are operating legitimately.
The email address to log in can be changed. If the old one gets spammed to death, close it. Personally i use one dedicated email address for whmcs. and as a result i will find if spammed, it will be deleted and a new email created. its really that simple.