If you have ColdFusion 8, with CFCs exposed for remote access, with methods marked 'access="remote"' you probably did not know that this also meant any methods marked 'access="public"' could also be invoked remotely.
The obvious security problems now have a fix in the form of hot fix 71471 and it's associated KB article #40332.
You should apply this as soon as you can if your ColdFusion objects are being used by a Flex client, for instance.
Sections