Applescript can be used to bypass interface elements like layouts and scripts, but not user privileges as defined under Manage Security.
On Windows it is anything that can use ActiveX, not just VB. And you still need to provide credentials to open a file before you can use it. So the native FM security scheme can not be bypassed with it.
However, most roll-your-own security schemes may be vulnerable.
If the file is already open then and you can run rogue VBscripts or VB apps or any other scripting mechanism that uses ActiveX then you have a larger problem because the machine is infected...