Gmail users were threatened yesterday, when a big security hole was detected in the Google API. When users visited a certain blog, the website harvested their email addresses and sent out emails to them.
The blog sent out emails saying that the user should visit the embedded link and pass it on to others. It even says that the user has received this message because he/she had visited it before. You can see a screencap of the email below.
In response, Google resolved the issue in a flash and had this to say