Tunnelblick 3.3beta20 and previous versions allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.
google tunnelblick