- The author is very obviously completely clueless.
- The target system is Microsoft Windows, and hence it's not even news. Closely related is that the exploit requires the user to be using Outlook Express to read email, is vectored over a peer-to-peer filesharing network, or requires a Windows box directly connected to the Internet. (None of these can possibly affect me.)
- The malware requires the manual intervention of a novice-level user, such as falling for a phishing scam by clicking on a malicious hyperlink. (I'd like to think I'd never do that.)
It's really easy to turn this behaviour off in Safari: untick "Open 'safe' files after downloading" in the General pane of Safari's preferences. Of course, this doesn't solve the entire problem, since the Finder will also feed the "JPEG" shell script to the Terminal. As Gruber points out, it's also not a new problem: "you can’t safely double-click files from untrusted sources, and you never could."