If you use the WP 3.3.1 'Post by email' function, anyone typing in 'wp-mail.php' after your URL can view the posts you've uploaded. Hairy stuff.
It sounds like this plugin will close this security hole ???
Alternatively, has anyone used .htaccess entries to limit access to wp-mail.php to only one IP address? (i.e. the site owner's IP address, assuming it to be static)