There isn't any reason why a midi file couldn't be used as an attack vector. There was at least one virus that used image files to exploit flaws in the image processing engines of various web browsers. If fact, any program that reads in a data file can be exploited if the program is not coded to correctly handle unexpected information.
Fortunately most modern software is coded to handle such cases and I'm personally unaware of any malware that exploits undiscovered flaws in DAWs or MIDI players, but that doesn't mean they aren't out there! And ya gotta watch out for that really old software.
To address your issue, I would guess that complex or poorly composed MIDI sequences, perhaps with lots of PC's, CC's and such could stress the sequencer or a virtual instrument to the point where dropouts occur, but I don't know for sure. There are some preference settings that specifically address midi performance that you might want to read up on. Unfortunately I don't remember what they are called, but I believe they have to do with caching. Hopefully someone else can chime in on that one.
Keep virus-scanning those files!