Hacker News
by ewoutkleinsmann 4872 days ago
$('#home #fly').click()
1 comments

$('#up_5210503').click()
And now you have me wondering if your comment gets a new id when you update it. If so, convincing people to execute random javascript code could be a good way to build karma. Let's find out :-)

$('#up_5210561').click()

EDIT: Comment IDs remain the same when you update them. Now for the social engineering aspect...

Ideally one would embed a webpage with a hidden image that loaded the upvote URL for a particular post of yours. Every logged-in user would unknowingly upvote that post ID. Thankfully HN is built with form keys, so that particular CSRF attack won't work.

Social engineering would be more difficult; I seem to remember that Chrome prevents javascript strings from being pasted into its URL (you can still type them), in order to prevent attacks just like this. There were a number of attacks on Facebook that involved asking users to copy and paste a dodgy-looking javascript string into a Facebook tab in order to "win" something. Of course it just spammed posts and stole session information, but it was still an interesting attack.

This method was abused last year (a submission with 3800+ upvotes): http://news.ycombinator.com/item?id=3742902
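
The form-key check mentioned in the thread, sketched server-side as an added example (not part of any comment above and not HN's actual code). The HMAC construction, the function names, the session id and the item ids are all assumptions made for illustration.

```javascript
// Added example: per-user, per-item form key for a vote endpoint (hypothetical names).
const nodeCrypto = require("crypto");

// Server-side secret; generated per process here, constructed for the demo.
const SERVER_SECRET = nodeCrypto.randomBytes(32);

// Key is bound to session, action and item, so a key issued for one item
// or one user cannot be replayed against another.
function formKey(sessionId, action, itemId) {
  return nodeCrypto.createHmac("sha256", SERVER_SECRET)
    .update(JSON.stringify([sessionId, action, String(itemId)]))
    .digest("hex");
}

// Constant-time comparison; a missing or wrong-length key fails before it.
function keyMatches(expected, supplied) {
  const a = Buffer.from(expected);
  const b = Buffer.from(typeof supplied === "string" ? supplied : "");
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// req.sessionId stands for the cookie the browser attaches automatically;
// req.query.auth must have come from a page the server rendered for this user.
function handleVote(req, votes) {
  const { id, auth } = req.query;
  if (!req.sessionId) return { status: 401, reason: "not logged in" };
  if (!keyMatches(formKey(req.sessionId, "up", id), auth)) {
    return { status: 403, reason: "bad form key" };
  }
  votes.set(id, (votes.get(id) || 0) + 1);
  return { status: 200, reason: "counted" };
}

// Constructed requests for one logged-in session and two constructed item ids.
function demo() {
  const votes = new Map();
  const s = "sess-alice";
  const vote = (query) => handleVote({ sessionId: s, query }, votes).status;
  return {
    // Request triggered by a hidden image elsewhere: cookie sent, no key.
    crossSite: vote({ id: "1001" }),
    // Key issued for item 1002 presented for item 1001.
    wrongItem: vote({ id: "1001", auth: formKey(s, "up", "1002") }),
    // Link rendered by the site itself for this user and item.
    sameSite: vote({ id: "1001", auth: formKey(s, "up", "1001") }),
    counted: votes.get("1001") || 0,
  };
}
```

The check only separates requests that originate from the site's own pages from those that do not. Script that a user runs inside the page itself clicks the real link, key included, so the pasted-snippet case discussed above is outside what a form key covers.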