After reports of squirrelly package checksums the developers have discovered that the distribution for version 1.4.12 was compromised by some third party. The compromised code involves PHP though the effect of the changes has not yet been determined. The development team “strongly recommend everybody that has downloaded the 1.4.12 package after the 8th December, to redownload the package.”

For full details and correct checksums see http://www.squirrelmail.org