In this case I think it is best to actually look at the code of the two functions
One problem with str2num is that it uses EVAL. A malicious user could therefore cause major problems if str2num is used. That said, the use of eval within str2num is one of those cases where it is well encapsulated and unlikely to cause problems (but as I will point out below, can still lead to unexpected outcomes). It will in general be slow, but often that is not a big deal.
The real advantage is that str2double is a lot more powerful. It can handle all sorts of representations of numbers. For example, str2double can handle 1,000, while str2num cannot. In fact, str2num does not give you an error, but rather [1, 0], which might be unexpected.