Monday, December 20, 2004 - Posts

Google Desktop Search Security Flaw

The Computer Security Lab of Rice University has found that the Google Desktop Search (GDS) engine contained a serious security flaw that would allow a third party to read the search result summaries that are embedded in normal Google web searches by the local search engine.

An attacker would not be able to read your files directly, but the search results often contain snippets of your files. If you had a file with a list of web passwords, for example, an attacker might be able to read some of those passwords.

To be attacked, the user must visit the web page of a potential attacker. The attacker includes a Java applet in the web page. This applet will appear to the user as a normal part of the web page, but it will also make certain network connections that trick the Google Desktop into integrating its local search results, even though the applet never actually connects to Google. The applet can then read these integrated results and transmit them back to the attacker's web server.

This is why most Google Desktop Search users have noticed that Google has recently activated an autoupdate.exe process on their GDS engine. Google is carrying out a GDS upgrade, and all users with version number 121004 or higher are safe.

Here you can find a PDF with more details.

I think this is only the first flaw discovered in software like this, and I'm waiting for new MSN and Yahoo Desktop Search flaws too.