Whenever a scan of our systems show a script we do not allow, we generally rename it immediately and then send an email to the customer letting them know that the script has been renamed and what it has been renamed to. I'm kinda new around here, but I would say it is to remove the vulnerability from the server as soon as possible. There are circumstances where customers may be on vacation, etc and not be able to change the script, leaving the vulnerability in place. Ensuring the proper running of the server is paramount.
As for the support response, the email form script from Sourceforge is the only email script that we allow. Our admins have looked at the script and would not simply suggest using one unless they were sure it was not going to cause problems. Being a programmer I know that my works are always labeled as 'works in progress' as most software will have to be updated/changed as computing changes (plus most programmers are never fully happy with their products, always some feature to add, change the color here, etc
If you would like to read up on NMS, visit their main site at http://nms-cgi.sourceforge.net/
. Scroll down and visit some of the links talking about the referrals they have received and some of the places their code is used (I saw mention that they were included in some Debian Linux distributions). Hope that will help ease your mind about the people that wrote the code and their background.
I do apologize for the confusing response you received and know that we do not ban all scripts, so your other scripts should be ok.