Yes, it's a place where spammers can harvest addresses. After all, these addresses actually work, so they're more valuable than spam sent to randomly generated email addresses.
This is not the only way that spammers operate (and there are a lot of spammers out there, so there are several methods being used, and probably a lot that most of us have never thought of), but it is one way. Here's an example of how it happens:
Step 1: Friend A sends a note to friends B - K. All of the addresses are open, none are BCC.
Step 2: Friend B sends a note to his friends, L - P, some of whom are your friends, most aren't. Again, no BCC.
Step 3: Friend B's friend N sends a note to her friends Q - T, one of whom works for a company that is gathering email addresses. Again, no BCC.
Step 4: Friend B's friend N's friend S sends a note to her friends U - Z (once again, no BCC), and copies and pastes all of the addresses on the list in a note to her boss or into some sort of a collection site, because she'll get a bonus for collecting as many working email addresses as possible, or because she thinks she has a great product that everyone will love, or funny jokes she thinks you'd like, or an inspirational or political message to get out, or whatever.
And now you get spam, from someone three or four steps removed from you, and you have no idea how or why you're getting it.
Here's another scenario.
You get one of those chain letter-type emails we've all gotten, e. g. "Bill Gates is collecting email addresses" or "the Poison Oak Middle School is sending this note around the world, please add your name, email address and location so we can track it" or "a little girl in Uzbekistan is dying of some obscure disease and wants to be in the Guiness Book of World Records for the most collected email addresses" or "here's a quick survey you can take to get to know your friends; don't forget to pass it on" or "if you don't pass this email on to 25 friends within 10 minutes, you'll never have love again" or whatever. You can tell I've gotten a zillion of these.
So you send the note along, and your address is in it, as is everyone else's, and you add the members of your own address book for good measure. And then a week or a month later, that note makes it to a spammer. Remember 6 degrees of separation? The fact is, we can all connect up, eventually, to a spammer and probably to several spammers. And now they have your address, and everyone in your book. Since we all process a lot of email, and a little time has passed, you don't make the connection between the chain letter and the spam, so you keep sending chain letters, and they get into the hands of more and more spammers.
Best ways to handle this?
(1) If sent something to just forward along, look on www.snopes.com
as pretty much all of the Middle School or dying child requests are hoaxes. Send that info back to the sender, rather than send on the email. That way, you both learn not to pass it on, and the sender might even send a note to others, telling them to break the chain.
(2) Even if you can't find evidence on snopes of a hoax, ask yourself a logical question as to why the email should be forwarded. E. g. why should Bill Gates want your email, when he can buy it from email lists, or guess it by using wild cards in a search? Why would a dying child want a bunch of email addresses, wouldn't a cure be better? Why would a school you don't know be interested in email addresses? Couldn't they just get their information in some other way? One hoax chain letter involves sending an email along and the tenth sender will see some sort of a flash animation, and another chain letter involves sending along emails in order to win some sort of a prize (usually it's a trip to Disneyworld). Ask yourself: are these logical ways for legitimate promoters to track a legitimate contest? And how the heck could a flash animation only get into one of every ten emails - it has to be an attachment.
3) Even if logic dictates that the chain letter might be legit (about the closest thing to a legit online chain letter is the getting to know you surveys that sometimes come around), there's no law that says you must answer them or send them to so many people. Nothing bad or unlucky will happen if you don't.
4) Even if a note is perfectly legit (e. g. it's your aunt's annual Christmas letter), send back a note to the sender, asking them to please, next time, bcc the whole group or at least bcc your address. I'd suggest this for any non-work email involving more than 10 email addresses.
Finally, if you must send along a note to a lot of people -
a) bcc the group. If your mail program requires something in the "To" field, send the note back to yourself.
b) scrub out all emails in the body of the note. Often, forwarding on top of forwarding results in an enormous email, mainly filled with email addresses, so take the time and clean them out.
I hope this helps.