5.1 Security Considerations for Implementers
The file that the Document object stores as an attachment can be any file on the hard drive. When a user opens a Document object, one behavior is to open the attached file directly. This file could do harmful things when opened. While this is less of an issue for a user's personal mail folders, it becomes much more of an issue for public folders. It is up to the client to choose what kind of behavior to follow when a user opens a Document object.