Couldn't someone use some kind of memory overflow, to then make the computer execute code on the machine? So it would need some sort of bug - but since bugs tend to exist, such things have been done on other systems routinely.
In the case of AT it would only really be possible via the AT API having a bug (which is why it is purposely not a very large API).
Thorough testing of API functions should ensure that there is no "deadly memory leak" or the like but of course "complete coverage" isn't so easy (so constant reviewing of the API source code would be required).