Form data can contain sensitive information. What's more, it can be initialized with a file URI scheme, which has the capability of pulling data from the hard drive of anyone who loads a form. Combine this with an XML Events-powered submit that occurs as a part of form loading, and you have the potential for a serious privacy breech. Using the file scheme, a hostile XForms document could also potentially overwrite files on the hard drive of the person viewing the document.
Browser vendors over the years have gradually learned their lessons and incorporated restrictions in their products to prevent these kinds of abuses. Still, an important part of authoring an XForms solution is to stop and think about what could go wrong, and testing is a key part of that process.