There is a vulnerability in Movable Type that would allow spammers to use the script to send messages that appear to be coming from your server. The fine folks at MovableType have an updated version of the mt-send-entry.cgi for users to download. If you have variants of this script there’s a code fix over at VirtualVenus available for users to enter manually.