It appears that it's possible to use a listener to send SMS's to a mobile without ever having validated that the mobile number is correct. That seems like a very bad idea.
Having your rmobile erroneously SMS'd by a machine is very bad news, especially when it repeats automatically. This can happen quite easily with a simple wrong number or in my case because I didn't realise that omitting the country code caused the API to default to Spain.
Perhaps it would be better if it was only possible to send SMSs to phones which had first agreed to receive them by responding to a request.
And to the poor innocent victim of my SMS abuse - sorry.