If a Beam was not locked to a particular URL or IP address anyone could take the code and use it on their sit to send Beams.
Security is automatically enabled for a website when you create it. You will notice if you try to use that code on a different URL the Beam will display 'Security Blocking Active'.
The different methods allow you to provide varying amonts of protection for your websites. If you use an IP you cover Beams on all websites on that server, if you use a domain name you cover all Beams on that domain and if you use a URL you cover only the Beams on that web page.
Check your reports, you will see any URL's that Beams are being sent from, if you find somebody doing so enable your security settings. Please let us know as well and we can take action.
You can also limit the number of Beams that can be sent by one IP address in a day, to one recipient in a day and there is also a blacklist if you get repeated complaints from a recipient you can add them to the blacklist so that they never receive a Beam from that website.