Avanan's research into an exploit flaw in the Google Docs' comments feature was highlighted in Beta News. The exploit allows hackers to easily send malicious links via the comment feature. As Beta News writes:
It works by hackers adding a comment to a Google Doc. The comment mentions the target with an @. By doing this an email is automatically sent to that person's inbox. In that email the full comment, including any bad links and text, is included. Further, the email address of the commenter isn't shown, just the attackers' name, making this ripe for impersonators.