Found on heise:
The "Email this to a friend" functionality in the mt-send-entry.cgi script is vulnerable to being used by spammers to send spam messages.
Unfortunately the movabletype.org didn’t increase the version number, so there is no easy way to detect if your blog is safe. *argl*.