Comment 19 for bug 85650

> Since Liferea tries to open the links with the browser, afaik, so it
> shouldn't be a big problem :)

That's not completely correct. If you click on the /etc/ssh/sshd_config link in my 2007-05-06 example, you'll notice it opens in a text editor. That's because it is a file:// link, not an http:// link.

I'm fairly sure that javascript is blocked, which takes care of most of the security issues, but someone familiar with Flash should really look into this. Flash running in the security context of the filesystem may be able to harvest local files and send them to remote sites.