There are security vulnerabilities, I don't think anyone in their right mind can deny that. Ultimately they're no different than being able to install software on your computer though. So, assuming reading your bank account were a user-level privilege, nothing prevents software you install from accessing it. As long as you can install software, you can install malicious software.

Theoretically, gpg could be capturing my key password. It couldn't capture other peoples' key passwords though.