Rob, [1] my roommate, just found a hole in sendmail. It's not an exploit that allows one to gain access to the machine, but it would potentially allow someone to use a system running sendmail as an open relay.
It's not that easy to exploit (thankfully) but theoretically it is.