Earlier this week I had a discussion with Patrick McElhaney about a possible security issue with BlogCFC. Patrick pointed out that the Pod Manager lets you add any CFM code you want to your pods. Patrick felt this was a danger as a blog author could put malicious code up on their blog.
Now my feeling is that this is no different than the file manager. Also - you have to trust your blog authors somewhat. I mean, if I'm a blog author and wanted to screw your box over, I could always post porn or other damaging material.
While I see the risk - I just see it as more of an edge case. Anyway, you can easily disable the File Manager via an INI setting, as well as disabling the ability for blog writers to change their settings. Scott Pinkston sent me a mod to give the same ability for the Pod Manager. It would completely turn it off - not just the edit ability.