Rob Mensching wrote a blog entry a while back that explains some reasons why you should not use script-based custom actions in your setup. I encourage you all to read it if you haven’t yet, and I also strongly encourage you to heed his recommendations if at all possible.
I can personally relate to one of his explanations as well. Reason #3 on his list talks about anti-virus programs. When we shipped Visual Studio .NET 2002 we started getting reports of seemingly random failures during setup from our product support team. After some detailed analysis we found that many of these failures were being caused by overly aggressive anti-virus programs that were blocking scripts from running even as part of custom actions during VS setup. We scrubbed our custom actions before shipping Visual Studio .NET 2003 to re-write or eliminate the script-based custom actions to avoid these failures, and we were able to eliminate a fairly high support call generator.