Checking the referrer (errr, "referer") header seems obvious to me, I wonder why they're not doing it.<p>Sure, the referrer can be spoofed <i>if</i> you can set arbitrary headers, but you can't set headers on iframe requests anyway (and even XHR explicitly disallows setting Referer)
As the author points out, the easy fix is to let users know what they just liked, or ask them to confirm.<p>Also I suspect this service is fairly self-regulating. Facebook users are generally careful about what they broadcast. The author gives the captcha trick used by porn sites as an example...how many people are going to broadcast their taste in porn?
another similar issue i've come across is when there are multiple like buttons on the same page. e.g., does one like this blog/site or just the article?<p>not a terrible confusion or potentially too sinister, but a bit more attention than usual is required than the simple share.