Technology security firm Revuln has released details of a potential exploit utilising Steam and Safari.
According to the company's report [PDF], Steam's external protocol links - those used to quickly open Steam and install games directly from your browser, as from the online storefront - can be opened invisibly within Safari. A malicious party could utilise this to compromise remote systems, apparently.
While most other major browsers prompt the user before opening an application, Safari is the default browser of OS-X and has quite a large footprint, making the exploit somewhat serious.
If you're the techy type, the full report accessible at the link above is likely to be of interest; otherwise, sit tight for word from Valve as to how serious it considers this problem and whetherpreventative measures will be enacted.