Suppose I could do this.
<input type="text" name="email" value="firstname.lastname@example.org,email@example.com,firstname.lastname@example.org,email@example.com">
I've just used your form to spam. Multiply that by 1000. Of course, a real hack wouldn't come from your form, and it woudlnt' be that simple, it would come from a command line. There's plenty they could do . . .