1. 4

The top answer includes a demo server that can exploit a connecting client.

  1.  

  2. 3

    Practical exploitation of many clients is probably useless because they aren’t persistent. Like wget. There aren’t a lot of secrets in wget memory. Maybe your username, home directory, whatever is available via getenv.

    Browsers would be a bigger issue. For instance, lynx might be coerced into visiting a link and divulging all manner of secret data from previous connections.