And using printf like that forms a class of vulnerabilities known as format string vulnerabilities, in C and other languages that pass to the libc function directly. The interpreted languages generally don't and are safe from this. It causes a denial of service (program crash) most of the time.