You could introduce a lot of potentially "risky" options:
1) the ability to do "half-open", FIN/ACK, RST, and other types of scanning methods not detectable by many network IDS packages
2) optional banner grabbing for determining the service running on the port
3) automated online searches for known vulnerabilities to these services
4) automated scanning of targets
5) scanning ranges of IPs
6) packet fragmentation
7) HTTP proxy scanning
8) FTP "proxy" scanning
9) determining who owns a particular IP, then querying public databases for all domains and IP ranges owned by them
The list goes on and on. Essentially, imagine combining nmap with Nessus and amap, with a few modifications. You've now got yourself one hell of a sysadmin's nightmare. Any kid on the street could fire it up and have it auto-download all the scripts needed for breaking into a particular system, as well as detailed logfiles of the scans.
Aaron