All I can think of is stuff like DNS cache poisoning from forcing lookups, which shouldn't be a threat these days (and there are infinite other ways to force the server to do DNS lookups). The purpose of scripts.mit.edu involves students and faculty running old versions of WordPress and writing custom PHP to learn the language, so the threat model very much assumes that malicious people have compromised at least one unprivileged account at any given time. Hostname lookups are a drop in the bucket compared to that.