Obviously if the user has enough time they could change their user agent to whatever they want including malicious code or whatever. So if you had a site displaying all the operating systems that had visited the page a user could change their user agent values to something like "<script language="Javascript">alert ("You are a looser...")</script>"

I don't see how else these could be abused really.

I wouldn't worry about it too much unless you are displaying the info for users to see.