The take-home message from IT is basically "never open an e-mail attachment from unknown sender".

Adobe added embedded javascript to pdfs. Its an option to turn it off but its enabled by default. I turned mine off a long time back and never notice any problems but I don't use a lot of pdfs with interactive forms.

I have yet to see an exploit that can be performed with a .txt file. PDF files can have all sorts of interactive junk and nested files embedded in them - you can get really crazy in that format.

This is it. You can load a .txt as a skill too.