    • 37437
    • 147 Posts
    I have Easy Newsletter running on a site I am currently building within the newest version of MODx. I have a couple of questions pertaining to security:

    1. Are there any real security liabilities or loopholes associated with the default functioning of Easy Newsletter?
    2. Is there a way to efficiently integrate a captcha into the functionality here?
    3. Does it make sense to disable the ’unsubscribe’ feature from the user interface? It just seems as though the site admin should really be the only person who has any control over the removal of members.
    4. If someone did in fact want to disable the ’unsubscribe’ feature, how would this be accomplished so that all of the other functions remain intact?

    Thanks in advance for any help here.
    • I looked at EasyNewsletter a while ago and my biggest security concern was its unsanitized database inputs... Revolution will use the mysqli database module, but MODx currently uses mysql, which means you can’t use prepared statements... and regrettably, a lot of add-ons use simple concatenation to build their query strings, which is highly vulnerable to SQL-injection attacks.

      Reminds me of a comic:
      http://xkcd.com/327/

      You could write a regex to filter the Newsletter inputs, and I’d recommend this if the deployment is for a commercial site (or even if it’s for a personal site... unless you have regular db backups, you don’t want to leave your pants down for injection attacks).
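      The following is an added illustration of the two points made in this reply (query strings built by concatenation, and a regex allow-list in front of the inputs); it is not code from EasyNewsletter, MODx or any MODx add-on. It uses Python's sqlite3 module as a stand-in for the PHP mysql extension, and the table name, column names and subscriber rows are constructed for the example. The unsubscribe handler ties back to question 3 above: with concatenation, one crafted "unsubscribe" request can empty the whole list.

```python
import re
import sqlite3

# Constructed sample rows standing in for a newsletter subscriber table.
SUBSCRIBERS = [
    ("alice@example.com", 1),
    ("bob@example.com", 1),
    ("carol@example.com", 0),
]

# Conservative allow-list for an address field. Note that the permitted
# characters do not include quotes, semicolons or whitespace, which is what
# makes an allow-list (rather than a deny-list) effective as an input filter.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def make_db():
    """Fresh in-memory database with the constructed subscriber rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subscribers (email TEXT, active INTEGER)")
    conn.executemany("INSERT INTO subscribers VALUES (?, ?)", SUBSCRIBERS)
    return conn


def lookup_concat(conn, email):
    """Vulnerable: the value is pasted into the SQL text, so a quote in the
    input ends the string literal and the rest is parsed as SQL."""
    sql = "SELECT email FROM subscribers WHERE email = '" + email + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, email):
    """Safe: the driver binds the value separately from the statement, so
    quote characters in the input are data, never SQL."""
    sql = "SELECT email FROM subscribers WHERE email = ?"
    return [row[0] for row in conn.execute(sql, (email,))]


def is_wellformed_email(value):
    """The regex filter suggested above: reject anything outside the allow-list."""
    return EMAIL_RE.match(value) is not None


def lookup_filtered(conn, email):
    """Allow-list check in front of the vulnerable query. This is safe only
    because the regex excludes every character that could break out of the
    literal; binding parameters as well is the defence-in-depth choice."""
    if not is_wellformed_email(email):
        raise ValueError("rejected input: " + repr(email))
    return lookup_concat(conn, email)


def unsubscribe_concat(conn, email):
    """Vulnerable unsubscribe handler. Returns how many subscribers remain."""
    conn.execute("DELETE FROM subscribers WHERE email = '" + email + "'")
    return conn.execute("SELECT COUNT(*) FROM subscribers").fetchone()[0]


def unsubscribe_param(conn, email):
    """Same handler with a bound parameter. Returns how many subscribers remain."""
    conn.execute("DELETE FROM subscribers WHERE email = ?", (email,))
    return conn.execute("SELECT COUNT(*) FROM subscribers").fetchone()[0]


if __name__ == "__main__":
    payload = "' OR '1'='1"          # classic tautology injection
    conn = make_db()
    print("concat lookup   :", lookup_concat(conn, payload))   # every address leaks
    print("param lookup    :", lookup_param(conn, payload))    # nothing matches
    print("regex accepts?  :", is_wellformed_email(payload))   # False, request rejected
    print("param unsubscribe leaves :", unsubscribe_param(make_db(), payload))   # 3
    print("concat unsubscribe leaves:", unsubscribe_concat(make_db(), payload))  # 0
```

      Run stand-alone, the script shows the same payload leaking every address through the concatenated lookup, matching nothing through the bound one, failing the regex, and wiping the table through the concatenated unsubscribe handler while the bound version deletes nothing.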
        • 37437
        • 147 Posts
        Thanks for the insights (and clever cartoon), Everett. I ended up dropping EasyNewsletter from the site -- not only because of security concerns, but also because (even though all of the functionality seemed to be in place) it kept causing these annoying System Events error reports. Anyway, I am now running pommo on the site. Looking forward to Revolution’s enhancements.