Well, it really comes down to the implementation and design. If you allow the scripting engine to use direct memory access, script writers can likely use this feature to overwrite some variables or function pointers, which is an excellent candidate for buffer overflows and remote code execution. The scripting engine should be implemented carefully to prevent this kind of misuse.