in reply to Problem Linking Within Perl Monks
I'm sure I'm not the first to think of this and I think I even fell for it on someone else's home node long ago.And this was fixed a while ago, because if you can send a message (to a user or the chatterbox) just by a simple GET request this is open to CSRF. Actually before this was fixed you were able to put an image tag in your home node and its source was a link to sending a message, so it would have been automatically called when you visited the homenode.
So it's good that this doesn't work anymore (although it's still not fully CSRF protected).
Update: The prefilled form requires to edit the text field only (not the recipient, like I first thought when looking at the HTML source), and this is probably meant as a protection, so that people really look at the prefilled text before sending it.