In fact by using this command the inbound IPSec traffic bypasses all access-list or conduit.I didn't hear about any vulnerabilities but you can specify precisely your IPSec traffic for high security purpose so you should explicitly define ACL or counduit and then add them to outside interface access group.
