There is no
CAPTCHA or other method to prevent a postcard from being accessed remotely and used for spamming, as in this example:
This is a SERIOUS FLAW, the ramifications of which should be seriously considered before implementing this plugin on a live site!
I recommend you implement the following security features to make this a nifty little plugin:
- Add referrer check to email sending routine (not foolproof but at least a start)
- Add a CAPTCHA to email sending routine
Thanks for your time and an otherwise great plugin!