A few months ago, an exploit of Minecraft 1.8 was released to the public. This exploit involved forcing the Minecraft Client to download a malicious file from a 3rd-Party website or server. Once the severity of the exploit was seen by Mojang (The creators and owners of Minecraft), the exploit was quickly fixed in the next update of Minecraft, which was Minecraft 1.8.4.
Since then, the Minecraft developers have released several updates fixing other exploit/security risks and a minority of those exploits allowed players to get operator/administrator status on servers, which again was only fixed by Mojang once it had been revealed to the public.
If you find any exploit, vulnerability or security risk in any software (Including games), please report them the the developers/company that own that program. It is important that you do report them, as they could pose as a threat to your security later if they do get released to the public.