What are the risks of antivirus exclusions for virtual machines’ files?

I can think of the following points:

• A malicious file could be stored using these extension. It is not impossible for your hypervisor to contain a bug that could lead to an exploit once a crated storage file is loaded. Potentially, your AV could be made able to detect such a problematic file before you have the time to patch your hypervisor, reducing your window of vulnerability.
• Your AV might be able to understand the format of these files and look into them for potentially harmful files. I'm not aware of any product that does that but I haven't looked very far (and I'm not overly interested by such a "feature").
• It is possible that the AV heuristic engine could actually detect some form of malware directly in the files while they aren't in use (most likely shellcode).
• Depending on how your AV works, if the files are stored on an NTFS file system, a malicious file could be stored as an alternate data stream for one of these files then the AV might also skip the ADS linked to the excluded file.

IMNSHO, I think that the above risks are well worth taking given the high performance cost of on-access scan of VM files (which tends to be huge).