This can lead to security issues because most widget authors do not expect their widget to be executed in an HTML attribute context.
For example, consider the following wikitext:
<div title="{{#widget:UStreamLive|width=onmouseover=alert(1);//}}">
executed at http://www.mediawikiwidgets.org/Special:ExpandTemplates. It executes arbitrary JS whenever your mouse goes over the widget.
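The following added example (not part of the original report, and not the extension's code) parses the resulting markup to show why the parameter ends up as an event-handler attribute on the outer `div`, and how escaping the widget output at the attribute boundary keeps it inside `title`. The `render_widget` template is an assumption, since the real UStreamLive markup is not shown here, and the escaping is a generic mitigation rather than the fix the project adopted.

```python
from html import escape
from html.parser import HTMLParser

WIDTH = "onmouseover=alert(1);//"  # parameter value taken from the report above


def render_widget(width):
    # Hypothetical template: the real UStreamLive markup is not on the page.
    # The parameter is HTML-escaped, which is sufficient for element content.
    return '<object width="%s" height="300"></object>' % escape(width, quote=True)


class _StartTags(HTMLParser):
    """Collects every start tag together with its parsed attributes."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def start_tags(markup):
    parser = _StartTags()
    parser.feed(markup)
    parser.close()
    return parser.tags


def event_handlers(markup):
    # (tag, attribute) pairs for every on* attribute the parser sees.
    return [(tag, name) for tag, attrs in start_tags(markup)
            for name in attrs if name.startswith("on")]


def div_without_boundary_escaping(width):
    # Widget markup dropped into title="..." as-is: the first double quote
    # emitted by the widget ends the title value early.
    return '<div title="%s">' % render_widget(width)


def div_with_boundary_escaping(width):
    # Widget markup escaped again for the attribute context it lands in.
    return '<div title="%s">' % escape(render_widget(width), quote=True)


if __name__ == "__main__":
    for build in (div_without_boundary_escaping, div_with_boundary_escaping):
        html = build(WIDTH)
        print(build.__name__, html, event_handlers(html), sep="\n  ")
```
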