Correct me if I'm wrong but simply accepting a "malicious connection" doesn't pose a risk unless there is something for said connection to exploit on your system.
Provided there isn't a script and/or mIRC bug to be exploited I don't think there is an issue.
Accepting the connection, even for a split second, indicates to the other party that (1) a computer does exist at this IP address, and (2) something is listening on this particular port. For security reasons, it would be preferable to not reveal either of these facts if it's not necessary.
