This has not been vetted for legitimacy, but Brian Masterbrook does have a background in finding vulnerabilities. However, I suspect this is a buffer overflow type issue. If the RSS feeds use the regular data stack area, then there is little damage a buffer overflow could do because on Macs the data stack is non-executable. Any malicious command imbedded in the overflow could not execute. Also, the command locations, say for the system command to load or open a file, are randomized so that any such command to jump to a system calls would land purely randomly and be unlikely to hit on anything damaging.
Windows Safari users might be more at risk.
Apple Safari Ping!
If you want on or off the Mac Ping List, Freepmail me.