Think of Translate like Douglas Adam's babelfish, but in an online, text form.
The former vulnerability is rather simple. After a few redirects to fool anti-fraud mechanisms, the translated website pops out of Translate's iframe and redirects the user to a website or content of their choosing.
One may use HTML5-sandbox iframes to prevent the top level hijacking. Google engineers implemented HTML5 to mitigate the vulnerability. But in the interests of those web developers who utilize Flash, Silverlight and other interesting development tools, Translate enables translators to disable "Translated in Safe Mode." This results in allowing the translator to slit their throat. To each their own.