Fukami has published a post to The Web Security Mailing List outlining some risks with Adobe's AIR platform. I can tell you first hand that these sorts of applications are going to start popping on on many large sites in the next year....

"In general every file on local file system can be accessed by AIR apps. This includes reading, writing, appending or deletion as well as testing for file and directory existence. Another interesting feature is the possibility to overwrite calling files inside compiled AIR application during runtime."

Post Link: http://www.webappsec.org/lists/websecurity/archive/2007-07/msg00001.html