  1. phpBB
  2. PHPBB-7792

Radio Button in CPF Admin - can cause SQL Error

    • Bug
    • Resolution: Fixed
    • 3.0.4
    • 3.0.x
    • ACP
    • None
    • PHP Environment:
      Database:

      Naderman says it’s a bug, so reporting it here...

      ACP -> Users and Groups -> Custom profile fields -> EDIT a field (only works in edit mode) --> Display profile field.

      If you use Firebug to modify the value, you can generate an SQL Error (expecting integer, string input instead, or truncated data error) because request_var is setting the default value from the field in a query (this is why the bug can only occur in edit mode). The default value is a string instead of an int. The simple fix is to force (int) for the request_var.
      This is not a security issue because the variables are still passed through the insert query, which checks to see if a variable is a string, and if so runs through $db->sql_escape.

      CPF Patch sent to Chris includes the fix for this bug.

            Acyd Burn Meik Sievertsen [X] (Inactive)
            Highway of Life David Lewis [X] (Inactive)
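
A simplified model of the behaviour described in the report, added here as an example; it is not phpBB's code and not part of the original report. The function names, the field name `field_display`, the escaping stand-in and the submitted value are assumptions made for illustration.

```php
<?php
// Model (assumption): the request helper casts the submitted value to the
// type of the default it is given, which is the behaviour the report relies on.
function model_request_var(array $request, string $name, $default)
{
    if (!isset($request[$name]) || is_array($request[$name])) {
        return $default;
    }
    $value = $request[$name];
    settype($value, gettype($default)); // the default's type decides the cast
    return $value;
}

// Model of the query builder: strings are quoted and escaped, other scalars
// are written as-is. Quote doubling stands in for $db->sql_escape here.
function model_sql_value($value): string
{
    if (is_string($value)) {
        return "'" . str_replace("'", "''", $value) . "'";
    }
    return is_bool($value) ? (string) (int) $value : (string) $value;
}

// Constructed input: a radio button value edited in the browser before submit.
$request = ['field_display' => "it's-not-a-number"];

// In edit mode the default comes from the stored row, so it is a string.
$row_default = '0';

$before = model_request_var($request, 'field_display', $row_default);
$after  = model_request_var($request, 'field_display', (int) $row_default);

foreach (['string default' => $before, '(int) default' => $after] as $label => $v) {
    printf("%-15s %-8s SET field_display = %s\n",
        $label, gettype($v), model_sql_value($v));
}
```

With the string default the value reaches the query quoted and escaped, so it cannot break out of the literal, but an integer column can still reject or truncate it; with the `(int)` default it is coerced to `0` before the query is built.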