I am positive that binfmt poses no real security concern. It would simply make Windows binaries interchangeable with Linux binaries, and all of the security protections that currently apply to Linux binaries would apply equally to Windows binaries. Some versions of Windows happily executed binaries from USB drives or from the Internet without asking, but that does not happen on Linux. In fact, it's easy to forget that you have to explicitly give execution permissions to a downloaded file before Linux will let you execute it. If the file is on a USB drive, unless the drive has a Linux filesystem, the binary must be moved off of the drive before it can receive execution permissions.
I think the real problem here is a technical one: The loader would have to launch Wine, Mono, or DOSBox depending on the contents of the binary.
-Alex
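Added example (not part of the original post): a sketch of the dispatch decision described above. DOS, native Windows and .NET executables all start with the same `MZ` magic, so a single binfmt handler would have to inspect the headers itself; the function names, return labels and sample images below are constructed for illustration.

```python
import struct
from typing import Optional

CLR_DIR = 14  # data directory index of the CLR (.NET) runtime header

def pick_interpreter(data: bytes) -> Optional[str]:
    """Return 'dosbox', 'wine' or 'mono' (hypothetical labels), None if not MZ."""
    if data[:2] != b"MZ":
        return None
    if len(data) < 0x40:
        return "dosbox"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "dosbox"  # plain DOS; NE/LE variants are not distinguished here
    opt = e_lfanew + 24  # optional header follows "PE\0\0" + 20-byte COFF header
    if opt + 2 > len(data):
        return "wine"
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    (magic,) = struct.unpack_from("<H", data, opt)
    dirs = opt + {0x10B: 96, 0x20B: 112}.get(magic, 0)  # PE32 / PE32+
    entry = dirs + CLR_DIR * 8
    # Unknown magic or truncated headers fall back to the native path.
    if dirs == opt or entry + 8 > min(len(data), opt + opt_size):
        return "wine"
    (count,) = struct.unpack_from("<I", data, dirs - 4)
    rva, size = struct.unpack_from("<II", data, entry)
    return "mono" if count > CLR_DIR and rva and size else "wine"

def make_sample(magic: Optional[int] = None, clr: bool = False) -> bytes:
    """Constructed header-only image for testing; not a runnable program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    if magic is None:
        return bytes(dos)  # bare DOS header, no PE signature
    struct.pack_into("<I", dos, 0x3C, 0x40)
    dd_off = 96 if magic == 0x10B else 112
    opt = bytearray(dd_off + 16 * 8)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dd_off - 4, 16)  # NumberOfRvaAndSizes
    if clr:
        struct.pack_into("<II", opt, dd_off + CLR_DIR * 8, 0x2008, 0x48)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), 0x102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for name, img in [("dos", make_sample()), ("pe32", make_sample(0x10B)),
                      ("dotnet", make_sample(0x20B, clr=True))]:
        print(name, "->", pick_interpreter(img))
```

Every offset is bounds-checked before it is read, since a dispatcher like this parses untrusted files before any interpreter is chosen.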