Export as PDF option might be a bit sketchy. You can inject whatever you want into the URL and it'll end up in the PDF. Not sure if it's sanitized (I am not familiar with the PDF file format) but if not, this could lead to exploitation.

Of course it wouldn't be on a grand scale necessarily, but as they say in several contexts, "a hole is a hole."