I'm considering using the Google Contacts API for a webapp, but I'm worried that a user might have a bad experience that could be blamed on me.
I intend to use the data in a responsible manner, I could get blamed for somebody else's misuse of it. Has anyone else had this? What did you do about it?
There's probably not much you can do about that, but I wouldn't worry. In the case you mention it was clear where the problem was - people don't sign up for that many sites in a single week. And even if it does happen coincidentally for one user, when they search they aren't going to find all the spam references you found.
Answer this question: Can you secure your webapp against all crackers out there? Are you more clever than any criminal out there?
If not, then the data won't be safe. Criminals will come up with ingenious ways to extort a revenue from data on the web. If I should ever have to apply for a new job, I could ask StackOverflow to create a CV for me -- they have all the necessary data but that's because I want it. So this is probably OK. But some sick mind may find patterns in my posts, things which I'd never have thought of -- word frequencies, length of posts, complexity of the answer, time of posting -- to deduct some further info which I didn't want to disclose.
So the better question is: Is the revenue (which you want make) worth the risk? If you don't get anything for the data except blame, why collect it?
I think that this problem in general will make people shy to third-party Contacts apps, and for that reason you should avoid making your application depend on it.
Having read your story, I can tell you for sure that now I will never let any third party app access my Contacts via API for any reason.