> More generally, "don't open files in random proprietary formats from strangers".
Disclosure and licensing of the format doesn't actually prevent any of the security issues, so I'm not sure that "proprietary" is meaningful here.
"Don't use software whose security profile you aren't confident in to open files" might be a better rule -- but then you could drop the "to open files" part off without any loss of validity.
Remember when, years ago, there was an exploitable flaw in WinAmp's loading of .m3u playlists! That format is neither proprietary nor complicated.
The 1989 Morris Worm exploited the loading of a character string into a C buffer (by means of the gets function). The data format there is "line of text (which may only be yay long)".
I think the main point here is "don't forward me documents that can only be viewed with large, complicated, closed-source programs, if you did not write those documents". This is reasonable.
As consumers we basically trust these proprietary programs not to be malicious in and of themselves. Let's put it this way: if Microsoft wanted to do something bad to your Windows PC, they could do it in so many ways not involving the loading of a specially crafted Office document.
We also trust documents created in these programs by people that we trust. If my friend created a PPT he wants me to view, it probably doesn't contain an exploitable hole. (Probably: because there could be some virus that spreads from malicious documents to good documents via exploit code running inside the document application.)
Taking random PPTs, DOCs and XLSs from some unknown sources on the Internet and circulating them to people in your address list: totally bad, unacceptable.
There is no reason that some circulating joke has to be a Word file! Even if the author thinks it requires colorful fonts: use HTML, damn it.