The much-hyped 'DAO', which has crowd-funded over $100 million worth of ether, is based upon one of the largest pieces of contract code seen so far. Even if it has been code reviewed, it's almost certain that bugs remain in there. All it takes is one hacker to find a flaw and $100 million will be gone in an instant.
As a developer in the Ethereum space this idea has actually been something I've thought about a lot. It's on a list of things that I'm looking out for because they will inevitably happen.
1. Like you said, a bug will cause the "effective" theft of a huge amount of funds.
2. Someone will make a contract that unexpectedly makes a huge amount of money. That contract however will have absolutely no mechanism for extracting this money, forever locking the money it makes away beyond reach of anyone.
3. Someone will make a contract that the American government has deemed illegal. That contract will have been made such that there is no off switch. The only possible way for them to stop it would be to convince the majority of the network to remove it via a protocol update. I expect they will not be able to get this majority and thus we have an unstoppable force meets immovable object situation.
4. Ethereum will have its `npm` left-pad moment when a contract that is used widely is suddenly suicided. The number of downstream effects will be enormous. Most of them will be unfixable.
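As an added illustration of items 2 and 4 above (example code written for this page, not from the thread or any real project; all contract and function names are made up), here is a contract whose ether can never leave, the same contract with an explicit exit, and a consumer that checks whether a shared helper still has code before depending on it:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Item 2: ether can flow in, but no function ever sends it out.
// Every wei sent here is locked forever.
contract Sink {
    receive() external payable {}
}

// Same idea with a deliberate, owner-only exit path.
contract SinkWithExit {
    address public immutable owner;
    constructor() { owner = msg.sender; }
    receive() external payable {}
    function withdraw(address payable to) external {
        require(msg.sender == owner, "not owner");
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}

// Item 4: a widely used helper whose owner can remove it from the chain.
// Note: since EIP-6780 (Cancun, 2024) selfdestruct only deletes code when
// called in the contract's creation transaction; on earlier chains it
// deletes the code outright, which is the scenario described above.
contract Helper {
    address public immutable owner;
    constructor() { owner = msg.sender; }
    function add(uint256 a, uint256 b) external pure returns (uint256) {
        return a + b;
    }
    function destroy() external {
        require(msg.sender == owner, "not owner");
        selfdestruct(payable(owner));
    }
}

interface IHelper {
    function add(uint256 a, uint256 b) external pure returns (uint256);
}

// A dependent contract that fails loudly, with a clear reason, instead of
// silently breaking when the helper it relies on has been destroyed.
contract Consumer {
    IHelper public immutable helper;
    constructor(IHelper h) { helper = h; }
    function checkedAdd(uint256 a, uint256 b) external view returns (uint256) {
        require(address(helper).code.length > 0, "helper has no code");
        return helper.add(a, b);
    }
}
```

Deploy `Helper`, point `Consumer` at it, call `destroy()` on a pre-Cancun chain, and `checkedAdd` reverts with "helper has no code" rather than an opaque decoding failure.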
Clearly the DAO's first investment should be in getting Augur up and running, so DAO token holders can hedge against a DAO hack in the prediction markets...