One of the biggest problems facing users of WordPress today, especially when it comes to themes, is malware. I’ve seen my fair share of websites using themes whose functions.php file contains base64 encrypted code that, when decrypted, shows spam links. However, there are also a number of themes that have code within them that installs malware onto the web server. After Chip Bennett, one of the Theme Team Reviewers, noticed that at least one of his themes was being made available on a website that claimed to have free WordPress themes, he discovered that something was not right. All of the themes available on the website contained some sort of malware that would be installed onto the user’s site once enabled.
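As an added example (not code from this post or from any theme mentioned in it), the following Python script shows one way a site owner could check a downloaded theme for the functions.php pattern described above: it finds `base64_decode()` calls with string-literal arguments in the theme's PHP files, decodes them and lists any links inside. The sample functions.php content and the `spam.example` URL are constructed for illustration.

```python
import base64
import binascii
import re
from pathlib import Path

# base64_decode('...') or base64_decode("...") called on a string literal.
B64_CALL = re.compile(r"""base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)""", re.I)
URL = re.compile(r"""https?://[^\s'"<>)]+""", re.I)

# Constructed sample: a footer hook that echoes a hidden spam link.
HIDDEN_HTML = '<a href="http://spam.example/pills">cheap pills</a>'
SAMPLE_FUNCTIONS_PHP = (
    "<?php\n"
    "add_action('wp_footer', 'theme_credits');\n"
    "function theme_credits() {\n"
    "    echo base64_decode('%s');\n"
    "}\n" % base64.b64encode(HIDDEN_HTML.encode()).decode()
)


def decode_literals(php_source):
    """Return the decoded text of every base64_decode() string literal."""
    decoded = []
    for match in B64_CALL.finditer(php_source):
        payload = "".join(match.group(2).split())  # drop embedded whitespace
        try:
            raw = base64.b64decode(payload, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64; leave it for manual review
        decoded.append(raw.decode("utf-8", errors="replace"))
    return decoded


def scan_theme_file(php_source):
    """Report each decoded payload together with the links found in it."""
    return [{"decoded": text, "links": URL.findall(text)}
            for text in decode_literals(php_source)]


def scan_theme_dir(theme_dir):
    """Scan every .php file under theme_dir; return {path: findings}."""
    results = {}
    for path in Path(theme_dir).rglob("*.php"):
        hits = scan_theme_file(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            results[str(path)] = hits
    return results
```

This only catches payloads passed to `base64_decode()` as plain string literals; a clean result does not show that a theme is safe, since the encoded string can be assembled in other ways.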
Otto does a great job going in-depth and explaining exactly how this particular piece of theme malware works. Most of the explanation is over my head, but it gives you a sense of not only how desperate but also how clever these spam kings are getting in having their way with your website. This is why we preach that you always get your free themes from the WordPress.org Theme Repository: each theme is now reviewed with human eyes to make sure none of that garbage gets into the repository.
The theme repository contains almost 1,300 themes, but quite a few of them look like they were designed in early 2000. So I can understand why users would want to expand their reach and check out the wider marketplace of freely available themes, but just remember: when you download and use a theme that is outside of the repository, you do so at your own risk.
As an aside, this video, which was produced by Leland of Themelab.com, provides a great explanation as to why you want to stay away from using Google when searching for freely available themes.