Launching a program when setup is completed may be a security issue

An article in the InnoSetup knowledge base points out that launching your application or displaying a readme file (using notepad for instance) at the end of your installation may cause a security issue on Windows Vista. The problem arises if the installation runs with elevated privileges because the child process (your application or notepad) inherits these privileges. This means that now your application runs with full administrator rights, which defeats the purpose of UAC.

This is a problem for all setups that don't use Windows Installer technology, like InnoSetup or InstallScript projects in InstallShield. But MSI-based setups can also be affected.

If you launch an .msi file (by double-clicking or via msiexec.exe) on Windows Vista, only custom actions that are scheduled for deferred execution in system context (i.e. with the NoImpersonate flag set) will run with elevated privileges. Usually you wouldn't launch your application with such an action, but instead use a DoAction event on the Finish button on the "setup complete" dialog. In this case you're fine.

However, if you launch your MSI install using a setup.exe which is not explicitly manifested to indicate that it doesn't need elevated rights, the UAC prompt will be displayed right at the start, and your whole user interface sequence will run with elevated permissions. In this case the launched application will inherit these permissions.
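As an added illustration (not taken from the original post or from any particular setup tool), this is an application manifest that marks a setup.exe bootstrapper as not needing elevation. The assembly name `Example.Setup` and the version number are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Embedded in setup.exe as its application manifest (resource type RT_MANIFEST). -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <!-- Placeholder identity; use your bootstrapper's own name and version. -->
  <assemblyIdentity type="win32" name="Example.Setup"
                    version="1.0.0.0" processorArchitecture="x86"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <!--
          asInvoker: the bootstrapper runs with the token of the user who
          started it, so no UAC prompt appears at startup and the MSI user
          interface sequence (including a launch from the Finish dialog)
          stays unelevated.

          With no requestedExecutionLevel element at all, Vista's installer
          detection may treat a file named setup.exe as an installer and
          prompt for elevation at launch. level="requireAdministrator"
          forces that same elevated start explicitly. In both cases a
          program launched from the setup UI inherits the administrator token.
        -->
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
```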

In general it may be best not to launch the application at the end of the installation. Note that similar security problems can also happen on Windows versions before Vista, for instance if the setup was launched using RunAs with administrator privileges. And if a reboot is required to complete the installation, your application may not run properly when launched from the Finish dialog anyway.

Published Friday, December 22, 2006 8:53 AM by stefan