There are a bunch of new exploits out that use bluetooth to do a whole list of dirty deeds. It covers everything from simple data harvesting.. collecting your emails, your text messages, and your whole phone book to actually being able to send things as you to other people.
These are basically replay attacks where the attacker spoofs being a previously connected device. This is just poor coding practice. This is why the Sec in DevSecOps is important.