Are you certain that the script is being exploited?
You might want to check with the host to ensure that email relay has been disabled at the server.
They should also be able to specify that the server only sends email from the legit domain and email addresses.
I'd do my best to secure the form itself using SSL. If the form and the data it transmits aren't secured, they're vulnerable to interception.
I found a thread in *cough* in another forum with a few promising links to PHP security-related info.
Check it out.
Securing PHP Forms - Kionic Community Forums
Good Luck.