Hacked via Contact Form 8

I recently moved my news site to hostgator.com. So far, so good, until today. I went to the site, and below the visible footer area on the front page were row upon row of porn sites, clickable. I looked at the source code, and it said something about a jquery and Contact Form 8. I quickly disabled the plugin, and then dumped the browser cache and didn’t see the hacked text anymore. This was in Chrome, by the way. I didn’t see the problem in Firefox or Safari, oddly enough.

Hostgator found rogue code in footer.php of my theme, Atahualpa 3.4.4,
base64_decode and a long string of code. I’m afraid to post it here in case it’s still virulent. Anyway, the plugin is still deactivated. I do need a contact form for the site, but now I’m afraid to use one.

Any ideas? I’m running Bad Behavior, Akismet, Limit Login Attempts and regularly do a scan using WP Security Scan.