I've recently heard about CVE-2013-4287, which can cause denial of service due to CPU consumption.
But earlier this year, I attended Hacking with Gems, which showed all kinds of weird and wonderful things a hacker could do with a malicious gem.
If a malicious author could easily make a variety of exploits, why would they bother just with creating excessive CPU consumption?