The code itself could be malicious and have backdoors. Really you shouldn't run anything untrusted outside a sandbox or some other form of isolation