See this
Update 4: Google says the issue is now resolved: “We quickly fixed the issue in the Google Apps Script API that could have allowed for emails to be sent to Gmail users without their permission if they visited a specially designed website while signed into their account. We immediately removed the site that demonstrated this issue, and disabled the functionality soon after. We encourage responsible disclosure of potential application security issues to security@google.com.”
I know that, Kenny... I read the content before posting it..!
Still, affected users should at least know about the issue, imo...
asyn