Whenever one of the spam-bots submits a certain character — what I believe to be right single quote (146) — my guestbook deletes itself. I think this occurs when it is not parsed correctly preventing all the past entries being kept when the new entry is added.
There are a few ways to solve this problem. Instead of relying on the class to hold all current entries the file should be accessed directly and the new entry added just before for the end of the guestbook element. For a complete solution the data sent to the server must be logged in a binary file when adding the new entry produces a parse error. The XML must be checked for parse errors before the file is written to disk.
UTF-8 and XML seem to be quite a dangerous combination to use in PHP 4 — usually I stick to MySQL/US-ASCII — but once I understand the issues and fix this problem my confidence with and use of these new technologies will increase.