Answer from cs61c-ej (Leon Wang 16247444) for Question 1
Someone can put instructions in something that's supposed to be data.  So the user thinks he's opening an mp3 file but he's actually executing instructions to delete files.

You could probably waste a few bits to have some sort of security tag, but that's stupid because you're wasting bits and you're wasting cpu cycles.