Depending on system security settings, it is quite possible that a user could block - or at least be given the option to block - an outgoing e-mail. You have a gauntlet of issues. The address to which you send the mail is usually not a problem but...
First, if you use Outlook, it can be told as a matter of site or manual policy to disallow automation e-mail sending.
Second, even if you use something like CDO (Collaboration Data Objects) - which can also send e-mail - you have to get through your SMTP Gateway server, which will probably be protected by a firewall. These days, it is possible to set the firewall to block things NOT sent via Outlook.
Third, as GPGeorge points out, it IS possible to bypass your startup code or modify your code depending how it is distributed.
Fourth, storing a login and password in a procedure when there are all sorts of tools out there to disassemble your code? Invites account compromise and spoofed e-mails.