Nasty little cross-site scripting attack via PDFs hase been discovered: Chris Shiflett: The Adobe PDF XSS Vulnerability.
Any site that has PDFs is vulnerable. The interesting thing is that it doesn’t compromise the server of the web site. The attack can gain access to the site visitor’s computer by passing some code in the URL referencing the PDF on a site. The post I link to provides info on how to upgrade your own computer and what you can do on the server side to prevent this from being used.