There may be strategies for blocking this kind of activity at the server level, such as an htaccess rule that prevents the page being accessed without the right http_referer value. Maybe even count the number of accesses by a specific IP and block multiple accesses that happen too quickly. These are advanced applications of the htaccess file, but it’s possible.
The plugin doesn’t have any built-in way to get the record differently, but if you’ve got some coding ability you could set it up so the record is identified in the POST array instead of the URL. That would make it more difficult…it all depends on how valuable the info is. If the information is really valuable, you may want to ask people to register and log in before seeing the data.
If you’re concerned about email addresses getting harvested, those are protected by a simple JS script to hide them from most bots.
