Wouldn't ligatures be a more effective attack vector for the "Maryland -> Delaware" case? That's all that ligatures do -- render a specific sequence of characters as something else.
We're definitely not TrueType experts and took the relatively "straightforward" approach of generating a small custom font for each mapping. If it's possible to render "Maryland" with ligatures while mapping the same string to "Delaware" in Unicode, then that's just another example of the vector. Really interesting stuff, and we'll be checking it out!
Yeh there's lots of fun things like this; PDF is a full programming language so I think in principal you can generate PDFs that display different things to different people depending on the tools used etc.
I've heard it said some of the incorrect text mapping stuff has been used in the past as a copy-protection silly to stop people copy/pasting content. (It's also a pain for those using screen readers).