What exactly is the drawback of executing arbitrary VM code on an end user PC? If there aren't security flaws in the VM, then the code is sandboxed, and worst case you extract a really big file or hang WinRAR.
Now, if there's a security flaw, that's a different story. But it looks like the VM just gets to play around with memory and registers and doesn't get any libraries or IO, and doesn't rely on type safety for correctness -- which eliminates the typical sources of security holes in more complex VMs such as JVM. And if you don't need great performance, then you can put bounds checks everywhere.
Safe as houses. Unless someone screwed up.
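The design discussed above (a VM that only touches its own memory and registers, has no I/O, and checks every bound) as an added example that is not part of the original thread and is not WinRAR's code. The instruction set, names and sizes are hypothetical; a step budget is included to cap the "hang" case.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical toy ISA (not RarVM's): fixed 4-byte instructions op,a,b,c. */
enum { OP_HALT, OP_LOADI, OP_ADD, OP_STORE, OP_LOAD, OP_JNZ };
enum { VM_OK, VM_BAD_REG, VM_BAD_ADDR, VM_BAD_PC, VM_BAD_OP, VM_TIMEOUT };
#define NREGS 8
#define MEMSZ 4096u

typedef struct { uint32_t r[NREGS]; uint8_t mem[MEMSZ]; } vm_t;

/* Run untrusted bytecode. Every register index, memory address and jump
   target is validated before use; max_steps bounds the run time. The VM
   has no opcode that reaches outside vm_t, so there is no I/O to abuse. */
int vm_run(vm_t *vm, const uint8_t *code, size_t len, uint32_t max_steps)
{
    size_t pc = 0;
    for (uint32_t steps = 0; steps < max_steps; steps++) {
        /* Fetch check also catches out-of-range jump targets. */
        if (len < 4 || pc > len - 4) return VM_BAD_PC;
        uint8_t op = code[pc], a = code[pc + 1], b = code[pc + 2], c = code[pc + 3];
        pc += 4;
        if (op == OP_HALT) return VM_OK;
        if (a >= NREGS) return VM_BAD_REG;
        switch (op) {
        case OP_LOADI:                      /* r[a] = 16-bit immediate */
            vm->r[a] = (uint32_t)b << 8 | c;
            break;
        case OP_ADD:                        /* unsigned add wraps, no UB */
            if (b >= NREGS) return VM_BAD_REG;
            vm->r[a] += vm->r[b];
            break;
        case OP_STORE: case OP_LOAD:        /* address comes from r[b] */
            if (b >= NREGS) return VM_BAD_REG;
            if (vm->r[b] >= MEMSZ) return VM_BAD_ADDR;
            if (op == OP_STORE) vm->mem[vm->r[b]] = (uint8_t)vm->r[a];
            else vm->r[a] = vm->mem[vm->r[b]];
            break;
        case OP_JNZ:                        /* target = instruction index */
            if (vm->r[a] != 0) pc = ((size_t)b << 8 | c) * 4;
            break;
        default:
            return VM_BAD_OP;
        }
    }
    return VM_TIMEOUT;                      /* looping program is cut off */
}
```

Dropping any one of these checks (for example the `vm->r[b] >= MEMSZ` test) turns guest-controlled data into a host memory access, which is the "unless someone screwed up" case.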