Yet another message board

<?
$secret = uniqid(time());
$fp = fopen('./secrets.txt', 'a');
fwrite($fp, "$secret\n");
fclose($fp);
?>
<form action="<? echo $PHP_SELF; ?>">
<input type="text" name="message">
<input type="hidden" name="secret" value="<? echo $secret; ?>">
<input type="submit">
</form>
<?
if (!empty($_GET['message']))
{
    $secrets = file('./secrets.txt');
    $user_secret = "{$_GET['secret']}\n";
    if (in_array($user_secret, $secrets))
    {
        $fp = fopen('./safer.txt', 'a');
        $msg = $_GET['message'];
        $msg = htmlentities($msg);
        fwrite($fp, "$msg<br>");
        fclose($fp);
    }
}
readfile('./safer.txt');
?>