Like Steven said, it's a bad idea to completely turn it off - however, it's possible to limit the dangers of the abuse quite a bit. There are patches that you could install to stop injection into the mail() command from legitamate variables. However they still cause problems with some boards. Quite a few boards now a days have pop mail facilities, and you can use that much more easily.
BLUETRIDENT.NET - Reliable Shared, Reseller and Dedicated Hosting Solutions Provider
Managed Hosting with Personal Service
Highspeed Content Servers, Lighttpd, Ruby on Rails, Cluster Servers & Rich Web Application Hosting
Thank you all, my first choice is not to disable it, just secure it. I once worked with a server and aparently mail() couldn't send e-mail to domains which where not in the server, and messages to internal accounts arrived, is this possible?