SEE UPDATE BELOW
If you are using Movable Type's "Mail This Entry" feature on your blog, you are advised to rename your mt-send-entry.cgi file, or remove the feature entirely.
If you are not using the feature on your blog, you still need to either rename the script, disable it by changing the permissions, or remove it from your server altogether.
Spammers have discovered a means of using this script to send messages that will appear to be coming from your server.
Renaming the script won't prevent them from finding it if you continue to use the feature on your site, but it will slow them down a little if everyone chooses a unique name for the script.
Also, if you're using other versions of this feature such as Pop-Up Mail This Entry or MT-Mail-Entry, you may want to take a similar approach to those as well.
If there are any developers out there interested in working on a fix for this vulnerability, please leave a comment and I will contact you with the details of the method being used (if you need them).
Update: Ben posted a fix in the previously-mentioned forum thread:
Before line 40 in mt-send-entry.cgi, add these lines:
if $to =~ /[\r\n]/ || $from =~ /[\r\n]/;
Save mt-send-entry.cgi, upload to your server in ASCII mode, and CHMOD permissions to 755 again (if necessary).
(Cross-posted at The Girlie Matters)