Hi Jon
You're safe as long as you understand
Sorry if it sounds rude but that's possibly how it is. You never know "what tommorrow will bring". Well how about reading your form, disabling javascript and then calling your PHP page directly with the parameters? Whether it is GET or POST should not matter much because most spammers would be running a webserver on their own system.
What I have found effective in forms is: Showing emails via scripting not direct text, not trusting on client side validations and Inclusion of CAPTCHA (image code) helps a lot in dettering automated bots.
Hope that helps a bit.
Regds
IJ