This page describes the different types of risks that different capabilities can raise. (This page is incomplete and needs more information.)
Users could change site configuration and behaviour
XSS (Cross-Site Scripting)
Users could add files and texts that allow cross-site scripting.
Users could gain access to private information of other users
Users could send spam to site users or others