This is a problem even if you can verify the results, e.g. you are taking a copy of a large file that is either signed by a third party or there are published checksums for (think ISOs etc.). You'd think copying a file was a relatively safe operation, even if you don't trust the server, the worst that can happen is that the file you get is compromised and maybe you've got a bug in your checksum or signature verification that can be attacked when you attempt to verify (a risk that essentially every computer exposed to the internet runs all the time). The problem here is that an arbitrary file on your end that has nothing to do with whatever you are copying can be attacked. That is a very different kettle of fish.
Biting the hand that feeds IT
