Please find below a patch for the sendsms script, making it work without superuser privileges.
Currently, the sendsms script must execute with root privileges because it invokes chown(1). It can be made available for other users either by setting the SUID bit or via sudo(8). The former method is a well-known security risk, and the latter is inconvenient because it complicates the non-interactive use of the sendsms script, e.g. from other scripts.
The patch improves the situation by allowing the members of the smsd group to run the script without escalated privileges. The actual names of the user and group of the smsd process may vary and are therefore determined from the inode of the outgoing message directory.
The old authorization mechanism based on MD5-hashed keys is a bit pointless in my opinion, so the patch proposes its removal. With sudo, authorization is better handled via the sudoers(5) file, and with SUID bit set, you can basically consider your Linux and most UNIX systems already compromised.
There is one problem in the patch, though. When run as non-root user, the contents of the submitted message are visible to other members of the group as well, at least for a short period of time before it is sent. But as long as message submission in based on a shared directory, I cannot really see a way around this. One secure solution would be to implement submission via a socket. If someone thinks that this kind of visibility is a bigger security problem than requiring escalated privileges for the script, he can keep running the script as root, in which case the updated script will still invoke chown instead of chgrp(1) and chmod(1).
BR,
Kaarle