I noticed today that my site is letting outsiders go directly to the recommend_friends.php script and send out spam through my system. I tried someone else's site and it took me to the login screen. That was good. Mine just let them send emails. What gives?

For now I have disabled the script.