Re: Untrusted Font?
Yes, there are / have been vulnerabilities exploited. More recently in some Adobe format than TTF files.
Also the issue of privacy. Fonts being used to track, because people are blocking the 3rd party cookies (browser setting), clear gifs, 3rd party scripts etc (NoScript). I only allow fonts from same domain as webpage. Also you can (on Linux anyway) download many of them so they don't need to be loaded from the 3rd party domains.