Is your login information secure or has someone else been able to access it? Have you posted an email address on the blog, rather than using a secure contact form? http://en.support.wordpress.com/contact-form/

If you think your blog has been hacked do what follows:
1. Go here > Users > All Users and delete any user that does not belong there.
2. Disable post by email > http://en.support.wordpress.com/post-by-email/
3. Disable post by voice > http://en.support.wordpress.com/post-by-voice/
4. Change your blog password to a very difficult one and do not post it here > http://en.support.wordpress.com/passwords/#change-your-password
5. Use a secure, encrypted connection to connect to your Dashboard. Under Users → Personal Settings, check the box that says “Always use HTTPS when visiting administration pages, and click Save Changes.
6. Go to your email program and change the password to a very difficult one
7. Read > http://en.support.wordpress.com/security/