More specifically, it varies by carrier legacy system. Finding the correct email-to-SMS address construction (usually some variant of phonenumber@domain.tld) may take some poking around, and it's not uncommon for the domain.tld portion to refer to some prior carrier acquired by the nominal provider (e.g.: your AT&T wireless number might have a cingular.com address, though don't quote me on that).
That said: it typically works and is fairly reliable once you've identified your gateway.
In the US, does number portability between networks exist? In NZ, it causes problems with SMS gateways, which seem to (in general) naively use the prefix as the sole means of identifying which operator for a number.
This seems to be using a hack I also figured out back when I was in high school, working on a project. I also wrote about it years later on my blog[0]. If you look at the source it creates an event with an sms remainder but the time of the event and the scheduled time of the remainder are created in such way that the remainder is sent immediately. There's also a low limit on the number of characters you can use (~60).
I'm fairly certain Google requires you enter a confirmation code when setting up a phone number (the code is sent via SMS to the phone) for specifically this reason. It's not as though this is the only piece of software using the Calendar API; Google has already had to think of these potential exploits.
This Google doc script monitors your websites and sends an SMS to alert you when down. It uses the same "Calendar->SMS" feature.