The following features of VirtualBox can present security problems:
Enabling 3D graphics via the Guest Additions exposes the host to additional security risks; see Section 4.4.1, “Hardware 3D acceleration (OpenGL and Direct3D 8/9)”.
When teleporting a machine, the data stream through which the machine's memory contents are transferred from one host to another is not encrypted. A third party with access to the network through which the data is transferred could therefore intercept that data.
When using the VirtualBox web service to control a VirtualBox host remotely, connections to the web service (through which the API calls are transferred via SOAP XML) are not encrypted, but use plain HTTP. This is a potential security risk! For details about the web service, please see Chapter 11, VirtualBox programming interfaces.