Via PhotoMatt (one of the lead WordPress developers), I learned that there’s a newly discovered security flaw in Movable Type that could allow spammers to commandeer your Movable Type setup as an e-mail gateway (by futzing with the comment page, since that already sends an e-mail to the blog’s administrator).
Fortunately, there’s now a patch available (via a plugin) which works with both MT 2.661 and MT 3.14. After downloading the patch, just upload it to your plugins directory and set its permissions to 755. That’s it. (If you need an ftp client which can set permissions, FileZilla is an excellent open source ftp client which can do that.)