There arn’t any really, the only threats possible would be based on poor programming which creates an insecure access point to connect to a PC /send files unmonitered, and even for an IM program that is really hard since the IM is only there to send and recieve data and turn it into text, it doesnt accept commands to control OS features and so on.
Your more likely to get a virus from a website that to have a security breach from an IM product.
That said, most IM programs are bloatware nowerdays (allowing files to be downloaded etc…) but in general the security risk is pretty damn low. Just dont go running .exe’s your “internet buddies” send you
I’m not sure what kind of, if any, encryption Gaim uses, but I know for sure that Skype is encrypted. I believe that uses 256 bit encryption for everything it does. You can talk, chat, send files, and all sorts of fun stuff with Skype.
Most IM protocols don’t have encryption, so don’t go typing anything secure in them. File transfers (and, in some cases, just chatting) can reveal your IP, though this is much less a problem than firewall marketing people make it out to be.
As for viruses, it’s about as safe as email - anyone can send you a link to a virus, or (on some protocols) send you the virus itself, but nothing will happen unless you actually run it.
Actually, now that I think about it, it’s about as safe as email on all counts - unencrypted, can reveal your IP to anyone you talk to and suseptable to really easy to avoid viruses.
End-to-end encryption is avaliable for most unofficial clients, like Gaim, but they probably require whoever you’re talking to to be using the same client, with the same plugin… most people will probably be using the official clients, which don’t have encryption as far as I know (though I haven’t looked into it much).
One thing that you could reasonably do is to set up a non-privileged separate account for yourself, then use the IM program exclusively through that. (Just su with the username of the limited user.)
From this separate account, none of your files are accessible to the IM program. Naturally, since the account has no special privileges, neither is the system. Any files owned by the separate user wouldn’t be available to your regular user, unless (as the separate user) you moved them to a common place and allowed access… a very conscious and deliberate thing to do.
Realistically speaking, you can never constrain what a program might try to do (with or without your knowledge), but you certainly can use existing operating-system features to strictly constrain what any program will succeed in doing.
“Even Windows” has excellent user-access controls! Trouble is, most users until now have left them turned-off, or don’t even know they exist. People who routinely lock their doors at night, and their cars when they park them, leave their computers completely exposed. For no good reason at all.