If they're configured to run as administrator, they can get up to a lot of mischief even without running in the kernel. For example, they can open ports to the internet and add firewall rules...
More importantly, if they're installed on a large number of machines, they become an easy target for malware authors - observe the number of exploits targeting vulnerable link handlers like steam and uplay's, where it was possible to invoke an arbitrary executable from a hyperlink.
More importantly, if they're installed on a large number of machines, they become an easy target for malware authors - observe the number of exploits targeting vulnerable link handlers like steam and uplay's, where it was possible to invoke an arbitrary executable from a hyperlink.