iceco2 writes "MySql.com and associated sites were hacked today. Among other items some simple passwords were recovered and private emails were revealed. Ironically the attack was performed using a blind sql injection attack."
Sendmail may be safely run set-user-id to root. -- Eric Allman, "Sendmail Installation Guide"