There is also account security (e.g. changing my default withdrawal account to something attacker-controlled), for instance. Password security (people re-use passwords...) And perhaps an attacker can withdraw money or BTC from your Mt Gox account?
This is BTC - security amateur hour - so you may well be better than, say, Mt. Gox. But if you get going, you should have someone competent looking at the code. (tptacek and co do that kind of stuff, but he's not exactly a BTC fan. Also, this kind of work is expensive.)