PDP has a good example of when the non web world can be exploited by web world functionality. In his writeup he described how second life's URI handler can be used to steal the encrypted password hash that can be replayed and used to login to a users account.

"Keep in mind that most attacker don’t event have to convert the hash back to a password string. Attackers can login with the hash itself by forging a request to one of the SecondLife authentication servers. The unhashed password is only needed in situations where the attacker wants to explore other on-line service the victim is currently registered with." - PDP

A variation of CSRF at its finest.

Article Link: http://www.gnucitizen.org/blog/ie-pwns-secondlife