Hey Matt, I'm one of the founders. All existing APIs require using a secret key, which you obviously wouldn't want to share in your front-end code. We overcome this by allowing only predefined templates to be sent, so for a "Share with a friend" feature you'd create a template called "share", and your call would look like:
EmailJS.send("share",{"to": "friend@gmail.com","message":"You have to check this out!"})
This should prevent using our service for spamming, and we'll also offer some tools, like a CAPTCHA image or rate limiting, to deal with spam/abuse.
Let me know if you have any further questions!
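
The design described in the comment above relies on the server accepting only known templates and declared parameters, since the browser call itself carries no secret. The following is an added example, not EmailJS code and not written by the commenter: a server-side gate for such a call, where the template registry, field limits, rate-limit values and function names are all assumptions.

```javascript
// Added example: hypothetical server-side gate for a template-only send API.
// Template names, field limits and function names are assumptions, not EmailJS internals.
const TEMPLATES = {
  share: { fields: { to: 254, message: 500 } }, // field name -> max length
};
const WINDOW_MS = 60000;   // sliding window length (assumed)
const MAX_PER_WINDOW = 5;  // accepted sends per client per window (assumed)
const hits = new Map();    // clientId -> timestamps of accepted sends

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function rateLimited(clientId, now) {
  const recent = (hits.get(clientId) || []).filter((t) => now - t < WINDOW_MS);
  const limited = recent.length >= MAX_PER_WINDOW;
  if (!limited) recent.push(now);
  hits.set(clientId, recent);
  return limited;
}

function validateSend(templateId, params, clientId, now = Date.now()) {
  // Only templates the site owner predefined; own-property check blocks "__proto__" etc.
  if (!own(TEMPLATES, templateId)) return { ok: false, reason: "unknown template" };
  if (params === null || typeof params !== "object") return { ok: false, reason: "bad params" };
  const fields = TEMPLATES[templateId].fields;
  // Reject parameters the template never declared (e.g. a caller-supplied subject or bcc).
  for (const key of Object.keys(params)) {
    if (!own(fields, key)) return { ok: false, reason: `unexpected field: ${key}` };
  }
  // Every declared field must be a non-empty string within its length cap.
  for (const [key, max] of Object.entries(fields)) {
    const v = params[key];
    if (typeof v !== "string" || v.length === 0 || v.length > max) {
      return { ok: false, reason: `bad field: ${key}` };
    }
  }
  // Exactly one recipient: no whitespace (so no CR/LF header injection), commas or brackets.
  if (!/^[^\s@,;<>]+@[^\s@,;<>]+\.[^\s@,;<>]+$/.test(params.to)) {
    return { ok: false, reason: "bad recipient" };
  }
  if (rateLimited(clientId, now)) return { ok: false, reason: "rate limited" };
  return { ok: true };
}
```

Because the recipient and message are still caller-controlled in this template, the per-client rate limit and field caps are what bound abuse; the template check alone only fixes the message's shape.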