We always should be aware of malicious obfuscated code injections.
Read: http://security.stackexchange.com/questions/34271/how-can-you-inject-malicious-code-into-an-innocent-looking-url
and example: http://stackoverflow.com/questions/3115204/unicode-mirror-character
For some further background info: http://www.casaba.com/products/UCAPI/

So always valdate these uri’s and see where they actually will take you!

polonus