You asked on your Domino Security WebSite for an explanation of the "Stored Form" vulnerability.

There really is no "special" vulnerability other than the fact that it's a standard Notes feature that a form is programmable. Therefore, for example, anyone with sufficient knowledge can create a form with "Store form in document" enabled, place some programming in, for example, the Form's PostOpen event, create a document, and mail it to another Notes user.

If the receiving database (the mail db, but it could be any db) has "Allow use of Stored Forms" enabled, and if the user's Execution Control List (ECL) permits it (or if the user allows execution to continue after receiving an Execution Security Alert), then the PostOpen code, which could potentially contain destructive instructions, will execute when the document is opened.