Two major risks happen to exists with chris example:
Malicious people could misuse them as bouncers to attack other sites
Not every URL is a web page. Some can load plugins, display information and
In Internet Explorer (and Safari) this will give you access to the domain (cookies, etc...). In Firefox you can still do other funny things.
whitelisting of the user delivered urls.
UPDATE: The above example for a simple XSS does no longer work. However there are still other XSS vulnerabilities like variable-width problems in the CSRF redirector and it is still an open bouncer for malicious persons.