SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field.
http://lists.apple.com/archives/security-announce/2005/May/msg00004.html