These "security vulerabilities" make things seem much worse than they really are.
These are not really security holes - it is just the way the features work.
If you don't set things up right, you can leave things dangerously vulnerable.
It is like any computer - if you just plug it in "as is", without configuring user accounts and groups with proper permissions, anyone can do anything to a system (well, for Windows this is the case).
However, if configured correctly, only trusted people can do serious things.
Although it is not really a security hole, there are measures that can be taken to prevent these problems, such as disabling certain file-extensions for media.
These features will most likely be added in 2.5.3 (or 2.6.0), just to make things more flexible.