I can’t tell you how many times I’ve seen people assume that referring URLs will always exist, or attempt to use them as legitimate security models. All referring URLs can tell you is that someone came from somewhere or is lying to you. In reverse, if a referring URL is not there, it could be that their browser doesn’t support referring URLs (often the case with robots), it is being supressed by a security mechanism like Zonelabs Pro or Norton Anti-Virus, etc…, they typed in the URL directly, that they bookmarked the page or they are lying to you and supressing it. Quite a few possibilities, huh?
Anyway, I’d suggest not using any referrer detection unless it’s just out of curiosity’s sake. Sure it can leak information but it can also be used against you or not even be there at all, as the case above shows.