Google is not that good at rejecting exploit domains in SERPS. They can't even keep their Google Code repository clean!
In July a researcher stated "Google takes the crown for malware distribution, turning up more than twice the amount of malware (69%) as Bing (12%), Twitter (1%) and Yahoo (18%). Of course, they serve a larger number of visitors so this is bound to be higher plus they would be subject to more "attacks", but I've seen reports that they fall foul of very common tricks by a small number of exploiters (eg common IP ranges, common DNS services, well-known domain registration details etc). That is very easy to fix, rather than checking domains as they turn up.
I have no doubt they are better than at least some of their competion in the short URL field but personally I would still avoid them.