ok whereever you have this:
SRC="http://www.holdtheirfeettothefire.org/images/hold_their_feet_to_the_fire_left_banner.gif"
you need to hide the path to the images folder.
If i go to the url address in my browser (and anyone else for that matter)
and type in
http://www.holdtheirfeettothefire.org/images
bamo i'm inside the images folder on your server, a great place for hacking to start.
so instead do something like SRC= "../images/hold_their_feet_to_the_fire_left_banner.gif"
this goes for anyplace else that you may have a url pointing to a file on the server.
also if I click on the submit button at the bottom of the form (also on the email sign up)on the page it actually submits and gives me the "thank you ..." text. You may want to put some script in to check for blank entries, full address etc. using a pop up.
AND be sure that the script scrubs out any characters like " / .. ' \ // etc." you want alpha numeric only (helps prevent sql injection attacks).