Best practice forum (Archived)

Security overview - critical status warning

 
Re: Security overview - critical status warning
by Simon Coggins - Sunday, 4 December 2011, 6:51 PM
Group Totara

Here's what each of the colours means:

Red (Cross-site scripting):

Certain capabilities enable users to add non-checked files and HTML code containing JavaScript etc. This may be misused for cross-site scripting (XSS) purposes, with the potential to gain full admin access. These capabilities are intended for administrators and teachers only.

Green (Configuration):

Certain capabilities are intended for administrators only, as they enable users to change the site configuration and behaviour.

Blue (Privacy):

Certain capabilities enable users to gain access to private information of other users, for example non-public information in a user's profile. These capabilities are intended for administrators and teachers only.

Yellow (Spam):

Certain capabilities enable users to add content to site, for example forum posts, account creation, and send messages to other users. These capabilities may be misused for spamming purposes.

From: http://docs.moodle.org/19/en/Risks

How much of a concern each of these is depends on how much you trust your users and what you want them to be able to do. If you post some of the capabilities that you have set to allow that come with risks, I can give you more details on each case.

Simon