Users playing games have to be in the games group. Games with systemwide highscores install into /var/games with 664, so every user allowed to play games can modify the scores. If he finds an application that doesn't expect arbitrary data as scores to load, he might be able to inject malicious code to be run, when another user loads the scores file next time.
*** This bug has been marked as a duplicate of 125902 ***