Good question, hadn’t thought about it. I guess I’d probably just send it encoded in base64 and tell them to decode it, like people do with torrent hashes. Won’t stop other people from decoding but it should stop the bots, to stop other people I’d use PGP.
Spam is definitely possible, I got some once, but I think they were sniping a room’s list of members because I haven’t given it out like that online, so it had to be something like that.