If a user has direct write access to a block device, and can mount that block device, then they can write a suid executable to the block device, mount, it, and execute that file, and thus, gain root access to the system. This is why mounting is normally restricted to root.
Now root can allow normal users to mount with specific restrictions, but he needs to make sure that if the user has write access to the block device, that the mount disallows suid, and also devnodes, which have a similar problem ( the user can craft a devnode that gives them write access to an important device they shouldn't have write access to ).