While writing a script to do the same thing from scratch might be good practice, I don't think it is totally necessary in this case. In the case of this form mailer script, it accepts the 'To:' from the POST. In most form mailer scripts the email is always going to be sent to the same person. It would be easier to just change the script to hard-code the To: field.
Also, you might want to rename the script so that crawlers don't find it as easily. Don't rely on this to keep you safe by any means, but at least you won't get DoSed by spammers trying (in vain) to send email through your new secured version of that script.
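
The hard-coded To: field suggested above, as an added example that is not part of the original post or the script it discusses: a small Python handler that never reads a posted recipient. It goes one step beyond the post by also rejecting line breaks in posted header fields, so extra recipient headers cannot be introduced that way. The addresses, field names, limits and function names are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Assumptions for illustration: addresses, field names and limits are made up.
RECIPIENT = "webmaster@example.com"   # hard-coded; never taken from the request
SENDER = "formmailer@example.com"
MAX_BODY = 10_000
ADDR_RE = re.compile(r"[^@\s,;<>]+@[^@\s,;<>]+")


class RejectedSubmission(ValueError):
    """Raised when a posted field must not be turned into a mail header."""


def _header_value(name, value, limit=200):
    # A CR or LF inside a header value would start a new header line.
    if "\r" in value or "\n" in value or len(value) > limit:
        raise RejectedSubmission(f"bad {name} field")
    return value.strip()


def build_message(form):
    """Build the outgoing mail from a dict of posted form fields."""
    # Posted 'to', 'recipient', 'cc' or 'bcc' fields are never read.
    subject = _header_value("subject", form.get("subject", "(no subject)"))
    reply_to = _header_value("email", form.get("email", ""))
    if reply_to and not ADDR_RE.fullmatch(reply_to):
        raise RejectedSubmission("bad email field")

    msg = EmailMessage()
    msg["To"] = RECIPIENT
    msg["From"] = SENDER
    msg["Subject"] = subject
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content(form.get("message", "")[:MAX_BODY])
    return msg


if __name__ == "__main__":
    # Constructed sample submission; the posted 'to' is ignored.
    sample = {"to": "someone-else@example.org", "email": "visitor@example.net",
              "subject": "Question", "message": "Hello"}
    print(build_message(sample))
```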