Why HTTP_HOST is evil

When browsing Stackoverflow I often notice users asking questions somehow involving the use of HTTP_HOST. I nonchalantly hint on its vulnerable nature and fail to produce a hint on an