Recently several clients informed us that they received a lot of spam in their site, and we detected that it is from the module Send to a friend. That's why I decided to publish this solution.
Seabre the modules file / sendtoafriend / sendtoafriend_ajax.php
and find the line:
and replace with:
And with this change, the customer must be logged to use the module