The second of the three security principles listed in my first book is:
Many intruders are unpredictable.
I think the new Adobe Acrobat Reader vulnerability demonstrates this perfectly. (I'm not calling Stefano Di Paola an intruder; anyone who uses his technique maliciously is an intruder, though.)
Who would have thought to abuse a .pdf viewer in such a manner? Read more about the problem here.
This event reminds me of soccer goal security.