It is possible to use the “own Tracking-Code” on foreign Sites to produce Spam.
Can i stop it, that my code only works on my site?
I your webserver is running apache, you can add specific rules to your .htaccess to prevent accessing your files from other servers. This is commonly used to prevent hotlinking, but you could easily use it for piwik tracker code.
If your piwik installation is not on the same domain as your tracked website, you can authorise these domains specificly in .htaccess.
Some examples can be found on this site: Stupid .htaccess Tricks | Perishable Press
Enjoy!
jOoL