Back in 2007, a couple of companies called Quechup and Tagged (among others) did this thing where they asked you for your email account name and password, and then they spammed everyone on your contacts list, using your name, asking them to join.
There seems to be a new wave of this bad behavior going on recently. I got a spam like that recently from a company called Badoo (it told me there was a message waiting for me from a former colleague; I dropped a note to said person and discovered that they had not sent me a message, nor had they intentionally authorized Badoo to spam their contacts list), and now I hear that Grovo is doing the same thing.
So remember, anytime you sign up for a new service, be very careful about what you give them access to. If you give them access to your web-based email account, for example, then they can easily spam everyone whose address you have in your contacts. For that matter, if they're really bad, giving them access to your email account might let them do all sorts of other things, like take over your bank account. But the most likely of the possible bad outcomes is that they'll spam all your friends and/or colleagues.
And if you get an invite to a new service that appears to be from a friend's email address but also appears to be a generic signup request, not written by your friend, then you may be best off dropping your friend a note asking them if they really intended to recommend the service or not.