My apologies for the headline. I couldn't resist. Yesterday, Jeff at WP Tavern covered yet another new A/B testing service. With dreadful timing, the site was also flagged by Google as malware for some users. As a commenter points out in the follow-up post on WP-ABTesting (the flagged site), it turned out to be flagged because the URL in the main style.css file was the site that actually had malware.
I'm not a security expert at all, but this seems pretty wild. And it would make me hesitate even more than I otherwise would about using a theme from an uncertain source.
Also, I feel for these guys. That's some awful timing.