A recent thread discusses possibly security issues with embedded scripts inside RSS items. Basically the idea is that an RSS item could have embedded scripting that attempted to wreak havoc.
Read on for an amusing Newton hack. I agree wholeheartedly with what he concludes:
RSS with extremely rare exception, does not need live scripting embedded in it. Reader programs should attempt to neuter anything that looks like a script AND tell the user about it.