Custom Head and Footer Code

I'm hoping one of the members could shed some light on a blog security question I have. Does using a theme with options for adding custom code to the header (before the closing header tag) and/or footer (before the closing body tag) multi-user blog network pose a security risk? For example, could these fields be used to insert malicious code?