I successfully installed and tested this module with Drupal 5.1. It seems to work, but perhaps too well.
You can enter in any e-mail address as the "From" address. I don't see why it shouldn't just use the e-mail address of the user who is authenticated, rather than letting them spoof someone else's e-mail so easily. Sure, they're sending your content, but they can also type in any threatening or obscene message, which will come from your site using a forged e-mail address.
I see from the access control that one could also allow anonymous users to send e-mail, and they would of course need to enter a from address. I can't think of a reason why you would want people to anonymously e-mail through your Drupal site, but perhaps there is a valid use.
I would suggest adding a setting to disable entry of the from address, and just display the authenticated user's address in place of the from e-mail input box.