Please specify what unsecure features you see in that javascript? The purpose of script(as author explained)is log visitors statistic(domain, browser,title, url, etc)to get statistic data as much as possible.
It's not the javascript itself, it is the interface it expects of the CGI program. It expects that the CGI program will allow sending of e-mail from a GET request with the recipient of the e-mail and the entire content specified in the URL.