So far as I can tell, the security is based on the blockchain and the PoW, which will be used in roughly the same way Bitcoin does this. The big difference is that Ethereum scripts are more powerful. I don't see a reason why this introduces new security considerations, but it is certainly a valid point to consider. And still, I say this based on my understanding of the model of Ethereum and not on the implementation.
This does not answer the question. What do the blockchain and the PoW aspect have to do with the scripting portion (which is what I was referring to)? Vitalik himself has said that it is possible to create a contract within a contract, likely ad infinitum. This means that a malicious contract could be called by a non-malicious contract. These non-malicious contracts will essentially be used to masquerade the malicious one. And the layers could make identification much more difficult. The typical end user is highly unlikely to detect such a complex script, and by the time someone with the know-how to spot the malicious code calls them out, it will likely have already claimed many victims.