There have been a couple of posts (here and here) talking about alleged security vulnerabilities in NewsGator and other news aggregators. The first post supposedly describes a way to have a news post contain an Outlook “virus” that will send an email to people in your address book; the second shows a RSS file containing script which could be annoying or malicious to a user.
I have posted a response for our customers on the NewsGator News and Updates page; the gist of this is that for the first problem to actually be a problem, you would have to manually edit your Internet Explorer security settings to loosen the restrictions.
For the second problem, OL2002 is not vulnerable at all by default. OL2000 will actually execute the script, just as with HTML email messages, but this is easy to disable (and should indeed be disabled in most cases).
Not to mention that you’d have to be pretty bold and/or stupid to stick malicious script in your rss feed.