Right now IM works just by dumping files onto FTP, so the primary weak point for contamination is actually the server.
...
Of course, it'd still just be a matter of time until someone griefed it just for the hell of it. But it would probably last for months or years.
Don't kid yourself. Contamination will be no exception if there are no barriers. Suppose I'm a newbie exploring DB. I start a sim, click left & right to see what happens, press link to IM and presto a minimalis released.
If you attach userID of the owner of the sim to all bots created in that sim and their descendants you'd have an option to track (which is fun in its own right) and kill (as admin)