VLANs are increasingly used to separate security zones in networks. Before using VLANs, you must ask yourself three questions: "How much do you trust your hardware vendor, and their vendors?", "How much do you trust new protocols and technologies?", and "How much do you trust your administrators?"
Hardware vendors must maintain their security so that a misdesigned line of code doesn't accidentally leak traffic between two separated VLANs and, more importantly, doesn't allow someone to insert a VLAN tag into the header, have it processed by the network processor, and have the traffic redirected to the victim network. This extends to the vendors' underlying switch chips as well, since this functionality has been moving lower into the hardware over the decades.
Over the years, new protocols have been implemented for VLAN management and user security. VTP from Cisco, for example, could without proper configuration inadvertently extend a VLAN that shouldn't be extended. With things like 802.1X, a default VLAN is configured, and if that VLAN is also used within a security zone and the two get cross-connected, it could allow more leakage of data.
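The two failure modes above, a tag arriving on a port that should carry none and a VLAN reaching a link it should not, can be written as an ingress check over raw Ethernet frames. This is an added example, not code from the original post; the port modes, the allowed-VLAN list, the function names and the sample frames are assumptions constructed for illustration.

```python
from __future__ import annotations
import struct

# TPIDs that introduce a VLAN tag: 802.1Q (0x8100) and 802.1ad (0x88A8).
VLAN_TPIDS = {0x8100, 0x88A8}


def parse_vlan_tags(frame: bytes) -> tuple[list[int], int]:
    """Return ([VLAN IDs, outermost first], payload EtherType) for a frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    vlan_ids = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 6:  # TPID + TCI + next EtherType
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return vlan_ids, ethertype


def check_ingress(frame: bytes, port_mode: str,
                  allowed_vlans: frozenset[int] = frozenset()) -> str | None:
    """Return a finding, or None if the frame matches the (assumed) port policy."""
    if port_mode not in ("access", "trunk"):
        raise ValueError(f"unknown port mode: {port_mode}")
    vlan_ids, _ = parse_vlan_tags(frame)
    if port_mode == "access":  # hosts on access ports must send untagged frames
        return f"tagged frame on access port (VLANs {vlan_ids})" if vlan_ids else None
    if len(vlan_ids) > 1:  # this policy expects at most one tag on a trunk
        return f"stacked tags on trunk (VLANs {vlan_ids})"
    if vlan_ids and vlan_ids[0] not in allowed_vlans:
        return f"VLAN {vlan_ids[0]} not allowed on this trunk"
    return None


def build_frame(tcis: list[int], tpid: int = 0x8100) -> bytes:
    """Build a constructed sample frame: zeroed MACs, given tags, IPv4 EtherType."""
    header = bytes(12)
    for tci in tcis:
        header += struct.pack("!HH", tpid, tci)
    return header + struct.pack("!H", 0x0800) + bytes(46)


if __name__ == "__main__":
    for tcis, mode in [([], "access"), ([20], "access"), ([10], "trunk"), ([20], "trunk")]:
        print(mode, tcis, "->", check_ingress(build_frame(tcis), mode, frozenset({10, 30})))
```
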
Your administrators can limit many of these mistakes by staying on top of security and keeping the systems patched. But will they withstand the pressure of external influences? This is where getting the best people and treating them well is important.
Now you may say, "Why is this really important? It's not like this will do anything too dangerous to me." If so, you have not been listening to the news lately, when a hacker was capable of gaining control of a Boeing 777 from the entertainment system in the back of the seat in front of him. As it happens, both the flight entertainment system and the flight control system run on the same physical network to reduce weight. Boeing has added security, but this does not completely remove the risk. In an ideal world you would isolate these two networks to reduce the potential for cross-contamination between the two or more networks.