A bug was found in the way the beagle-status script calls the beagle-info script. Please see the folling Debian bug for more information: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=357392 This bug could allow a local attacker to execute arbitrary commands as the user running beagle-status.
beagle-0.2.3-4 has been pushed for FC5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.