Hi... I'm the mean guy who set this all up with a friend (saw this thread in my apache logs) now what you should all be aware of, is that I do not steal any password, and that anyone who gets "caught" by my script tried to steal someone's password, they are, therefore, lamers. Now, someone was asking if there were people trying it...well look at this:
[gepeto@aliencow gepeto]$ cat /var/log/httpd/access_log | grep sendpass.exe -c

2676
As for the people claiming the little 2002 link was social engineering, it is more of a test to see if spambots would gather the email address on the page linked by it (that's why I made a small link that nobody sees).