> however has a contact form that sends data to a gmail account.
Are we talking about SPAM here? or are we talking about if someone can hijack the actual code and “hack” the website? what would be their motive? how is important customer info shared? how does that page relate to other pages in that directory? what are the permissions? security, hacking etc are loaded words, be more specific.