In dynamic linkin, all external references are that of a stub.
A stub is a piece of code which knows how to locate and load the appropriate memory resident library routine which is needed.
So, if this stub contains the address of a malicious code, then security is a concern.