Consider how the application's normal functionality might be used to the disbenefit of another application, of some or all users, of another party, or even of society. This may include:

Performing denial of service. Hosting/distribution of unapproved content (e.g. videos, photos, malware). Generating of spam messages. Hosting unapproved application code (e.g. as a command and control server, or as a bot). Reflecting an attack against another system. Attacking another internal system (e.g. databases, internal network).