Andy Beard wrote an interesting post about some of the risks associated with viral optin scripts that's well worth reading if you've ever considered using one of these tools:

Opt-In Accelerator Warning - Security Risk - Read This First!

If you're not familiar with these scripts, they're a little bit like the old tell-a-friend scripts, where your site visitors can enter the names and email addresses for their friends, and those people will receive some sort of promotional message trying to get them to visit your site.

The difference with these viral optin scripts is they scrape the information about your friends and contacts from your web-based email accounts, such as Gmail or Yahoo Mail.

Your visitor enters their login information, the script goes out to the email service and scrapes all their contacts, then sends all those people an email.

There are all kinds of security issues with this, which is what Andy discusses in his post.

Frankly, I'm amazed that anyone would ever enter this information on any "small time" website. I mean, if you're a Facebook or LinkedIn it's one thing, but I can't imagine anyone trusting this data to a website that they're not extremely familiar with.

But in my opinion, there's a more fundamental issue than the security risks.

Why would anyone want to bulk mail everyone in their contact list about some website? Maybe I'm not the normal user, but I've got a combination of personal and business contacts in my Gmail account, many of whom I don't know personally - just through a loose "internet based" relationship.

I don't care what the topic of the website is and how wide its appeal, I just wouldn't want to send some kind of bulk email to everyone in my address book.

I don't care how many extra optins I could get by using one of these scripts, I just don't think it's a legitimate way to drive traffic. Whether or not it's technically spam is debatable, but it's close enough that I would avoid them like the plague.

Anyway, if you don't feel as strongly about the ethical issues with these scripts, make sure you read Andy's post so you understand the security risks that go along with them.