Actually, even without hints or any other "code" parsing nontrivial formats provides opportunities for bugs causing buffer overflows or other memory corruptions. This simply shouldn't be done in the kernel, period.

However, twenty years ago (when this code likely has been written) security in the PC world was pretty much nonexistent and nobody cared about such issues.