Running any Cargo commands on untrusted projects poses significant security risks, as these commands can execute arbitrary code through various attack vectors, particularly via configuration files. Users are advised to treat all Cargo commands with caution, similar to how they would treat `cargo run`, and to avoid running them on unknown codebases. Workarounds exist but are not foolproof, emphasizing the importance of not executing Cargo commands in untrusted environments.