Sorry to intervene, but "expoits" and "security risks" aren't limited to DCC send/get. To put it different: stating you're safe as DCC had been disabled is plain wrong.
Malicious scripts are able to do virtually as much "bad things" as any other malicious piece of software could do: manipulate/corrupt/delete local files, collect sensitive data, send/get files/data without your knowledge, what have you.
This doesn't mean most mIRC scripts are potentially dangerous or even written with bad faith. It simply means scripts can be powerful tools - for a lot of uses and, sadly, abuses.
You should treat unknown scripts the way you would treat a unknown application: don't load them if you cannot verify they derive from a trustworthy source. Also don't load what you don't need. You wouldn't doubleclick that "unknown.exe" either, would you?
The same goes for unknown commands: don't type something just because someone told you to.
That said, You can never have 100% safety. Though if you follow the above and generally known safety measures (up-to-date antivirus software etc pp), you don't have to fear mIRC more than, say, your web browser.
