At first quick analysis it looks vulnerable to the AutoBinding issue (and also to XSS), so here is my draft research notes as download file ASP.NET MVC - XSS and AutoBind vulns in MVC).
Please let me know if I am missing something obvious, or maybe there is something on the new version that prevents this:
Some MVC related links:
- latest blog post from Scott G http://weblogs.asp.net/scottgu/archive/2008/09/02/asp-net-mvc-preview-5-and-form-posting-scenarios.aspx
- Download latest version: http://www.codeplex.com/aspnet/Release/ProjectReleases.aspx?ReleaseId=16775