This is how it works as far as I understand:
There are 2 different objects in Eloqua: Contact, Visitor.
When you browse on a website a cookie is created and that identifies the visitor record the activity is logged to. New cookie, new visitor. A cookie is specific to a browser so the guid and hence visitor is going to be unique to your browser (not the same one someone else has).
The visitor has an email field too (among many other fields). This email links the visitor record to a contact record so there is a many to one link between visitors and contacts.
When you are opening a forwarded email, there's a parameter on the end of links in the Eloqua emails "elq". That is a hash of something but it uniquely identifies the Eloqua Contact and details about the Email. When you hit a page with an "elq" query parameter and value it's linking your visitor profile (identified by your eloqua cookie guid) to a contact based on the email address identified by the "elq" value.
At this point if that email was someone else's your going to see their information when forms are pre populated and what not. But, you can overwrite the email address save to your visitor profile by submitting a form (it's consider a higher priority linking source by Eloqua) and then pre population will pull info from the correct contact.