A fairly computer savvy person I know sent me an invitation to BEBO. In part of the signup process, it wanted my Gmail account and password, "and we'll show you who's here." I declined.
It turns out that the invitation was not intentionally sent--I don't know the exact details, but I did a bit of Googling, and found this, this, this and this in a few seconds. Quite a few people who don't appear to be the type to be caught by this sort of thing have had BEBO spam their entire address books and IM contacts. It was likely my unfamiliarity with social networking sites that saved me from the same mistake--I'm suspicious by nature, and didn't see any good reason for them to have my Gmail password. If like these people, I'd used the same feature elsewhere I would have assumed I'd have the chance to edit the list and I may have been caught too. Maybe not though--I'm cautious about giving third parties my friends and relatives email addresses.
I don't understand this sort of marketing. Sure, BEBO gets more exposure, but an awful lot of it is likely to be remembered as "that company that tricked my friend into spamming me". Yet another victim sums it up nicely: