Movable Type spam vulnerability

If you're using Movable Type, you'd be well advised to remove or disable mt-send-entry.cgi. This script allowed visitors to email a page to a friend, but it seems it can be used by anyone to send anything - to anyone - with your blog in the subject line.