So I found this conversation quite interesting and so I decided to have a trawl around to see what these "scripts" are.
http://pastebin.com/bKYX73UR
So a bit of pastebin searching brought back the user script that dftw used. From the looks of it there is an assumption you are using the merlin tools (on GitHub) with Arthur (the website).
Arthur has a lookup bar so you can enter coords into this and it would find a planet like sandmans/kia. It also serves a second purpose, and that is you can fulfill scan requests by pasting scan links into the lookup bar instead of coords.
The user script simply injects a bit of extra code into your PA webpages and then sends these on to Arthur, specifically into the HTTP POST method that would be used by the Arthur website. This would technically fulfill scan requests AFTER you click the link to do the scan.
At the bottom of the pastebin I've added in some mIRC script which was sort of mentioned earlier. It was mentioned that mIRC was being used to do some of the scans and as you can see it's quite simple. To automate the opening of scan requests, to allow your Arthur user script to work, you just need to match a scan request URL and fire off your favourite browser (which also has the user script installed into it).
This then completes the full loop: scan requests come in, mIRC picks them up and opens the URL for the user script to send back to your tools. All nicely automated. You could add in some random timer to mIRC to make this seem more "human" like, but it does mean you can essentially log into PA and walk away for 2 ticks whilst the scripts do the rest for you.
After doing this test it raised 3 thoughts for me:
1. Anyone with some coding knowledge would attempt to do this. Coders are humans and humans are lazy, so you would naturally try and automate. I believe the above script under PA terms would be classed as "cheating", but to some people I can understand how they see it is just cutting out the middle man of clicking links and pasting them back. You need a PC on, you need to be at it to log in to PA if needed and you need to build constructions still. It's a nice addon for everyone to be fair, but yes, more than likely it is cheating.
2. There is a distinction between these scripts run by genuine users and those who sign up an actual "scanbot" planet where multiple people can screenshare/VNC into a machine to get through the login script. That's then falling into account sharing, which we all know is a big NO NO.
3. It only takes a small extension of what we have seen to expand this into bot planets who can send at any whim. I don't actually need to log in to other people's accounts if they can just run a machine for me and I can do a !attack 1:1:1 fleet1 type command and it executes the required code on the PA side for me. However, I don't have much knowledge of the typical bot planet scripts to be able to confirm that's how it works, but it's quite obvious if you run these scan scripts you may toy with the plans of running planets too.
Ultimately I think PA team has little chance to stop these things being exploited, in fact you have no chance. There is nothing stopping user scripts being extended and the way in which you expected your browser game to be run. Also, whilst the PA team keeps its database dumps and APIs hidden, I think you are going to keep getting the same issues happening over and over.
From my perspective, open it up for everyone or do away with the system altogether. It will be abused by those who are capable, and those who aren't will feel hard done by.