To borrow from the Beastie Boys, Google's "crystal ball ain't so crystal clear". It appears that a successful sabotaging of a website is easier than one might hope. lots0 at Threadwatch points out that using the non-canonical version of a domain to hurt the rankings of a competitor is an easily accomplished task and one that's exceptionally deadly at Google.

I recommend reading his full post, but here's an excerpt:

If however, when you enter the URL without the www and you end up at the non-www URL and when you enter the URL with the www and you end up at the www URL your site is prime for a major dumping on.

If your site is not protected someone could; Find some places to drop some links for you. This evil person could drop some links using the non-www URL (or if the site is set up for non-www linking link to the www page).

Very scary material and one that everyone should be aware of. Make sure you 301 those non-canonical domains back to the canonical version ASAP as this tactic is now common knowledge.