If so, there is little to stop someone from walking up to your PC and using it. So that's one issue. If the browser is current then most attacks rely on the user to install something or to send them the needed information to complete the phish or attack.

So just an open web page is usually not extraordinarily risky beyond the obvious issue.