This bug is pseudo-fixed, I reported it to Google two weeks ago, and now the server escapes all the tags, but when you try to publish a site the problem is still there.
On Google+, when you publish a new comment if it contains a link, the Google+ server goes to the site and gets the description, main picture, etc.
The steps to reproduce this bug are:
1._ Create a web site, I used my own website.
2._ Inside the meta description tag include an image tag, like:
<meta name="description" content='<img src="https://www.google.com/accounts/Logout?service=profiles" />' />
3._ Go to Google+ and try to link your site. Google+ will read the description and serve it, when this appends the browser will try to load the image from "https://www.google.com/accounts/Logout?service=profiles" that is the URL to do Sign Out.
You can include the site without the img on the description, publish the comment, and latter change the description, this will be show to all the users.
Using this method you can create a worm (I'm not sure about this), including an image with the URL to share the post, and after this another image with the URL of the Sign Out, and in a pair of hours all the people will be banned from Google+ :)
This is the video with the bug demostration: