A few months ago, a friend of mine accidentally gave a website access to his entire address book. They harvested the email addresses of all his contacts and then spoofed his email address (made it look like a semi-legit email by putting his email address in the "from" line) and sent us all spam. The friend has since apologized and changed email addresses. But it's too late now, because they already have what they wanted: his contacts. Today spammers spoofed my own email address to send me spam. Grr.
Granted, I'm a fairly intelligent person and could tell from the subject line that the emails from his address were spam, so I did not open them. (It's important not to open spam email, because it confirms for the spammers that they have a legitimate email address.) And I obviously didn't send myself an email with "You can connect with vip singles now" as the subject line. Still, it's annoying to know my email address is now in their spamming loop.
Moral of the story: If you respect your contacts, don't give websites access to your address book.
Lesson #2: Pay attention to the subject line of emails. If it sounds like spam, it is--even if the email address belongs to a friend.