I like the idea of blogging via email, but I feel the current set-up is open to possible spam appearing. Although suggesting use of random strings for the address is obviously a good idea, it would still be possible for spam to get to that mail box, and therefore be published onto your blog.
My suggestion is that an extra function is added whereby only emails that are tagged get published. This would be a secondary security measure.
Subject: [WP] blog title
The [WP] should be configurable from within WordPress, and be automatically stripped out before the article is published. This allows us to change it, and again it could be just a random string. The chances of both the email address and this tag being used would be remote.