Secunia.com issued the following security advisory yesterday:
Blender "get_bhead()" Integer Overflow Vulnerability
Damian Put has reported a vulnerability in Blender, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.
The vulnerability is caused due to an integer overflow in "get_bhead()" in "readfile.c" when parsing ".blend" files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted ".blend" file.
This vulnerability has been fixed in 2.40, so if you haven't already, upgrade now. If you ask me, embedded Python scripts are a much bigger risk, so it's always a good idea to check the source of a .blend file before you open one.
You can read the full advisory here.
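To make the advisory's bug class concrete, here is an added illustration written for this post (it is not Blender's readfile.c or get_bhead()): a reader for .blend-style blocks, each a header with a signed 32-bit length followed by that many payload bytes, with the length validated before it reaches the allocator. The BlockHead layout, the function names and the sample data are all assumptions.

```c
/* Added illustration, not Blender's readfile.c: a block reader for a
 * .blend-style file, where each block carries a header with a signed
 * 32-bit length field followed by `len` payload bytes. The length is
 * read straight from the file, so it is under the file author's control. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed header layout (assumption): 4-byte code, 4-byte signed length. */
typedef struct { char code[4]; int32_t len; } BlockHead;

/* Validate a block length before it reaches the allocator. A negative len
 * converted to size_t becomes huge; added to sizeof(BlockHead) in int
 * arithmetic it wraps to a small allocation that the payload copy then
 * overruns. Bounding len by the bytes actually left in the file rules out
 * both the wrap and a read past the end of the input. */
int block_len_ok(int32_t len, size_t remaining) {
    if (len < 0) return 0;                  /* sign check */
    if ((size_t)len > remaining) return 0;  /* truncated or oversized block */
    return 1;
}

/* Copy one block (header + payload) out of buf[size] starting at *off.
 * Returns a malloc'd copy and advances *off, or NULL on malformed input. */
void *read_block(const unsigned char *buf, size_t size, size_t *off) {
    BlockHead h;
    if (*off > size || size - *off < sizeof h) return NULL;
    memcpy(&h, buf + *off, sizeof h);
    size_t remaining = size - *off - sizeof h;
    if (!block_len_ok(h.len, remaining)) return NULL;
    size_t total = sizeof h + (size_t)h.len;  /* cannot wrap: len <= remaining */
    unsigned char *blk = malloc(total);
    if (!blk) return NULL;
    memcpy(blk, buf + *off, total);
    *off += total;
    return blk;
}

/* Count the blocks that parse before the first malformed one. */
int count_blocks(const unsigned char *buf, size_t size) {
    size_t off = 0; int n = 0; void *b;
    while (off < size && (b = read_block(buf, size, &off)) != NULL) { free(b); n++; }
    return n;
}

/* Constructed sample (not a real .blend): one valid 3-byte block followed
 * by a block whose length field is -1. Returns the number of bytes written. */
size_t build_sample(unsigned char *out) {
    BlockHead h = {{'D','A','T','A'}, 3};
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, "abc", 3);
    h.len = -1;
    memcpy(out + sizeof h + 3, &h, sizeof h);
    return 2 * sizeof h + 3;
}
```

With the sample buffer, the first block parses and the second, whose length field is -1, is rejected before any allocation or copy happens.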