SetXid problems

Any program that runs with additional privileges is a potential security problem.

Can read/write files unaccessable by the invoking user
What if 'chage' had a bug, and allows you to see all /etc/shadow entries?
What if 'eterm' had a bug and allows you to edit /var/log/wtmp?

Can access capabilities reserved for root iff suid root.
What if 'ping' had a bug and allows you ping flood hosts and/or broadcast?
What if 'procmail' had a bug and allowed you to overwrite any file?
What if 'pppd' had a bug and allows you invoke a shell via 'pty' argument?