Yes it is if he uses all his resources on hacking. Some of them hack into banks and military site. Yes, as long as you are connected to the internet, you risk being hacked. Don't put anything on the internet that has a positive probability of being hacked. In reality that means don't but very sensitive information on the internet. Online forms have had a reputation of being insecure.
This tutorial has emphasis on processing PHP forms with security in mind! There are too many tutorials out there that rely on PHP's notorious register_globals setting activated with very little or no form input validating. Proper validation of form input data is the most important step in protecting your form from hackers and spammers!
2. Good introductions.
http://www.hostmysite.com/support/linux ... g/phpmail/
3. Some free resources.
One of the better that filters input using regular expressions: http://www.freecontactform.com/email_form.php
http://www.hotscripts.com/category/scri ... rocessors/
4. Some of the better are not free.
5. About security.
Is your online password protected database on a secure server really secure?
WPW thread that I wrote some years ago.
That may give you some ideas about online security. So if your main concerns are about valid input and spam, use at form script that filters most spam and hide your email address for most bad bots.