What they did not provide Vista with was the ability to tell which sounds are coming from the speakers and which sounds are coming from your mouth into the microphone. The result? If you play a sound file with Vista commands in it, Vista does what the sounds tell it to do. Even if the commands are to delete all your files and empty the trash to make sure you can't get them back!
This means that sound played through the speakers from any source could trigger voice command actions. User-friendly? You bet. Safe? Well