Subject: vim security problem
To: None <tech-pkg@netbsd.org>
From: Alan Post <apost@interwoven.com>
List: tech-pkg
Date: 01/16/2003 16:37:18

The version of vim in pkgsrc (6.1) is vulnerable to a scripting attack
reminiscent of MS Office programs, JavaScript-enabled browsers, Java
applets, and the like:

  http://www.guninski.com/vim1.html

I just tried the attack out on my NetBSD 1.6 box; it worked just fine.

There are patches out to fix this, and FreeBSD ports is using them.
Strangely, though, the problem is not prominently mentioned on the
vim.org site.

  Alan