Not only that, but combine some random code you don't really know about, and slightly less than stellar (aka average) security practices on the web and you might end up with a backdoor trojan implemented in your open source project:
http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt
