One day while I had forgotten my password to a forum, I realized that many forums allow password recovery through email very easily (no captcha). I was thinking, what if I wrote a POST script to send email recovery emails as fast as possible... The server's mail service might clog up (maybe, I have no idea), but more importantly, after a while, the hosting company will suspend the forum's account for being "spamers".
To add some pizazz to this you can make an array of all the member names or emails and send password recovery to each one of them. Gmail merges emails from the same recipient into one conversation, but I'm sure other mail services/clients would easily be spammed by this.

I'll post some code later if I get any free time.

i came across this a while ago...
maybe it can stir some ideas for you
http://pastebin.com/f46324177

http://www.xssed.com/archive/author=PaPPy/

Thanks for the php, it definitely stirred some ideas in my head. :)