Sunday, April 02, 2006

Confirm via HTTP GET (sort of)

There was a recent discussion about this in JoS. The problem is that users simply click on a hyperlink in an email message, and their subscription is automatically confirmed, their membership is automatically activated, and so on.

The implications of doing things this way were brought home to me rather unexpectedly recently. I received an email from Yahoo Groups about approving a membership request, but the person making the request didn't actually want to apply for membership: they were simply trying to get in touch with an existing member. I dutifully forwarded this message to the entire group, leaving the acceptance/rejection mechanism in place. To be fair, these are mailto: links, but I think this still qualifies as a vulnerability, since the email address is a specially constructed one that triggers the required action when a message is sent to it.
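To make the distinction concrete, here is an added example (not code from the post or from Yahoo Groups) contrasting a handler that confirms on the GET request itself with a flow where the emailed link only renders a page and the confirmation happens on an explicit POST carrying a single-use token. The host `example.invalid` and the in-memory `PENDING` store are assumed stand-ins for a real site and database.

```python
import secrets
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for a database table of pending confirmations: token -> user id.
# A real store would also record an expiry time.
PENDING = {}


def issue_confirmation(user_id):
    """Create a single-use token and return the link to put in the email."""
    token = secrets.token_urlsafe(32)
    PENDING[token] = user_id
    return f"https://example.invalid/confirm?token={token}"  # placeholder host


def query_of(link):
    """Parse a link's query string into the flat dict a request handler would see."""
    return {k: v[0] for k, v in parse_qs(urlsplit(link).query).items()}


def unsafe_confirm_get(query):
    """The pattern the post warns about: fetching the URL *is* the confirmation.
    A forwarded message, a link-preview bot or a mail scanner that follows links
    confirms on the user's behalf."""
    user = PENDING.pop(query.get("token", ""), None)
    return ("confirmed", user) if user else ("invalid", None)


def safe_confirm_get(query):
    """GET is side-effect free: it only checks that the token is still pending and
    renders a form whose button issues the POST below. State is unchanged."""
    token = query.get("token", "")
    if token not in PENDING:
        return ("invalid", None)
    return ("show_form", token)


def safe_confirm_post(form):
    """Only the explicit POST (the user pressed the button) changes state, and the
    token is consumed so the same link cannot confirm twice."""
    user = PENDING.pop(form.get("token", ""), None)
    return ("confirmed", user) if user else ("invalid", None)


if __name__ == "__main__":
    link = issue_confirmation("alice")
    print(safe_confirm_get(query_of(link)))   # ('show_form', <token>): nothing confirmed yet
    print(safe_confirm_post(query_of(link)))  # ('confirmed', 'alice')
    print(safe_confirm_post(query_of(link)))  # ('invalid', None): token already used
```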