Comment 21 for bug 64064

John Dong (jdong) wrote :

There are risks -- users can add in-path executables to the system, making it easier for an exploit to be unleashed against the user. A malicious script can install a bunch of tools under similar names to existing commands (e.g. ks instead of ls) so that the next time the user types that by accident, something bad happens.

Of course, if a program has been compromised enough to let this happen, then this should be the LEAST of your concerns ;-)

I would personally like to see this configurable and not enabled by default, as it's not really standard practice on any distro currently and not everyone would like it.
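
The following is an added example, not part of the original comment or of any project's code: a defensive audit that lists executables in user-writable PATH directories whose names are one typing slip away from a system command (the ks/ls case above, generalized to insertions, deletions and adjacent transpositions). The function names and the directories in `demo()` are hypothetical, and a POSIX filesystem is assumed.

```python
import os
import tempfile

def is_near_miss(a, b):
    """True if a differs from b by one substitution, insertion,
    deletion or adjacent transposition (a typical typing slip)."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        diff = [i for i in range(len(a)) if a[i] != b[i]]
        if len(diff) == 1:
            return True
        return (len(diff) == 2 and diff[1] == diff[0] + 1
                and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])
    short, long_ = sorted((a, b), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

def executables(directory):
    """Names of regular files in directory with any execute bit set."""
    names = set()
    try:
        for entry in os.scandir(directory):
            if entry.is_file() and entry.stat().st_mode & 0o111:
                names.add(entry.name)
    except OSError:
        pass  # missing or unreadable PATH entries are skipped
    return names

def find_lookalikes(user_dirs, system_dirs):
    """Sorted (user_path, system_command) pairs for near-miss names."""
    system = set().union(*(executables(d) for d in system_dirs))
    return sorted((os.path.join(d, name), cmd)
                  for d in user_dirs
                  for name in executables(d)
                  for cmd in system if is_near_miss(name, cmd))

def demo():
    """Constructed sample: a stand-in system dir and a stand-in user bin dir."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "usr_bin")
        userdir = os.path.join(root, "home_bin")
        for d, names in ((sysdir, ["ls", "grep"]), (userdir, ["ks", "backup"])):
            os.mkdir(d)
            for n in names:
                path = os.path.join(d, n)
                open(path, "w").close()
                os.chmod(path, 0o755)
        hits = find_lookalikes([userdir], [sysdir])
        return [(os.path.basename(u), cmd) for u, cmd in hits]
```

Two-letter command names produce many near-miss pairs among legitimate tools, so the output is a list to review by hand, not a verdict.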