A problem has been discovered where the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not meant for (TYPO3-20070221-1).