MailForm allows potentially dangerous parameters to be specified by anyone who can execute it. These allow for reading and writing of files on the system on which MailForm resides. Result: denial of service, reading of private files...