The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."
http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
http://secunia.com/advisories/32706
http://support.apple.com/kb/HT3298