Information Security

Interaction between the user's script and php on the site?

Good afternoon!
There is an extension for Google Chrome, from which you need to send letters by calling a php script on a remote site. That is, after clicking on the "Send" button in the Google Chrome application, javascript sends a post request to the php script and the latter sends an email to the user with the content received from the Google Chrome application. Now the question is how to make such an implementation safe? The entire code of the Google Chrome application can be freely read, so it makes no sense to sew any passwords there. What options are there for secure identification to avoid sending spam via php script? Or what other options are there to securely transfer information (file) from the Google Chrome application to a user who is not associated with the application?