In the case that hypernote is presenting the components are published server side so the clients doesn't execute any code more than parsing the hn, maybe @npub1p4kg...cxf8 can tell more about this, or the security of hn syntax. However, I don't see significant vectors of attack in this approach at first glance. On the other hand, the security risks of MCP involve prompt injection, where the llm using it can be guided to provide sensitive information or perform suspicious actions. In this case, since MCP's are used by a human, the responsibility lies with the user when providing sensitive information or performing any suspicious actions.