The issue is that a link may appear "legitimate", or look like the one the user intended, while the IDNA-translated URL results in a DNS lookup that maps to an attacker's DNS zone file, which could result in phishing and similar attacks. This is of course not an issue unique to IDNA, as it occurs on a daily basis within the Latin alphabetic representation in DNS: attackers publish links that substitute "1" for "l" or "0" for "O", etc., or outright misspell otherwise familiar words or company names. But IDNA adds an additional layer of obscurity, because homographs will be indistinguishable even to the otherwise careful reader.
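A defender-side check for the cases described above, as an added example that is not part of the original text: it shows the ASCII name that is actually queried in DNS, flags labels that mix scripts, and compares a folded "skeleton" of the name against names worth protecting. The `CONFUSABLES` table and the `PROTECTED` set are small constructed assumptions, scripts are approximated from Unicode character names, and Python's built-in `idna` codec follows IDNA2003.

```python
import unicodedata

# Constructed, deliberately tiny confusables table (assumption: a real check
# would use the full Unicode confusables data, which is far larger).
CONFUSABLES = str.maketrans({
    "1": "l", "0": "o",                           # Latin/digit swaps named in the text
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic а, е, о
    "\u0440": "p", "\u0441": "c",                 # Cyrillic р, с
})

PROTECTED = {"apple.com", "cope.example"}  # hypothetical names to protect


def to_alabel(host):
    """ASCII (xn--) form of the name, i.e. what is actually queried in DNS."""
    return host.lower().encode("idna").decode("ascii")


def skeleton(host):
    """Fold look-alike characters so visually similar names compare equal."""
    return host.lower().translate(CONFUSABLES)


def scripts(label):
    """Approximate a label's scripts by the first word of each letter's Unicode name."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def review(host, protected=PROTECTED):
    """Report the DNS name, mixed-script labels, and any protected name imitated."""
    dns_name = to_alabel(host)
    lookalike = None
    if dns_name not in protected:
        # A different DNS name with the same skeleton is a look-alike.
        lookalike = next(
            (good for good in sorted(protected) if skeleton(good) == skeleton(host)),
            None,
        )
    return {
        "dns_name": dns_name,
        "mixed_script": any(len(scripts(label)) > 1 for label in host.split(".")),
        "lookalike_of": lookalike,
    }


if __name__ == "__main__":
    for name in ("apple.com", "app1e.com", "\u0430pple.com", "\u0441\u043e\u0440\u0435.example"):
        print(ascii(name), review(name))
```

The last sample is written entirely in Cyrillic, so the mixed-script test alone does not flag it; only the skeleton comparison does.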
Here are some links on the topic for details:
- IDN FAQ at unicode.org
- Unicode, IDN (IDNA), EAI (IMA) and Homograph Security by Shawn Steele
- Security Degradations with IDNA2008 by Mark Davis