maybe use sessions to verify that someone has a valid session from your site, otherwise reject the info or maybe check HTTP_REFERRER just a thought. :)
