To be honest, I don't have a real solution to the problem. I need execv() in my games in order to set up display options menus that will run the blenderPlayer on the game file with appropriate flags. If the exec() functions were disabled by default (and especially if they were take out of Blender completely), then my games would not function properly in other people's Blenders. And what about the issue of the blenderPlayer? Should the functions be disabled there as well? And how will you protect someones computer when they have a full Python installation with a Python Path specified? Even if Blender disabled the functions in its Python package, the script would revert to the standard Python installation and wreak its havoc. (BTW, not everyone with Python Path specified is a Python Guru. Some people do it just to be able to use special scripts, like Ter2Blend for example.)

Like I've said, anything that you download can be hazardous to your computer, and sometimes there just isn't much knowing ahead of time. I don't know if there is a real solution to this issue, but I think that the warnings system is perhaps a good start.

I don't think that stating an idea on how to solve an issue is the same as telling people that they should be doing something for you… Of course if nobody picks it up then we can always point to this article.
This will probably only gets solved after a large user group has been attacked and lost lots of data…
That's how these things work in my experience.

It's not an easy task to communicate to people who don't know how to check for harmfull elements how to check for harmfull elements. Just stating: "This script contains an eval() that might harm your data somewhere in the future" might not cut the cake.
Another option could be to have a security tab in the info/user settings window. With toggles "Blender: No automatic script execution (scriptlink)", "Python: No exec", "Python: No eval()", "Macro: No delete", "Macro: No save". Etc, all active by default :)

(Note how easy it is for me to say what other people could do, being someone who's never coded a line of Blender code in his life ;-)

( Thats like loading an image on the psp that causes an overflow and installs a hack. )

It will be pretty hard for a user to figure out that the model he is trying to view/import is actualy installing harmfull software.

This is a serious issue because the more capable that Blender becomes, the more toes it will begin to step on. And, because the door is truly wide open, it COULD become an easy target because of jealousy, envy, pranks, or those whose bottom line is being effected.

Today's word is: proactive (Acting in advance to deal with an expected difficulty; anticipatory)

I think the best solution to these types of problems is to implement, in the Blender codebase, a filtering mechanism that simply scrubs a script's code before loading, alerting the user of any potentially harmful code…an anti-malware feature. I have something like this for Visual Basic and it works great. The potential for problems will only skyrocket when Blender gets macro capability. However, I'm sure the developers are on top of this issue.

It's not a real issue with "images" but gets more of an issue with "documents".
Operating systems do their best not to help you in any way as to what kind of "document" you are downloading. Windows finds everything a possible risk, making it a useless warning.

When documents are scripts things get serious. How is a user to know that some script contains a system.exec that downloads things to exec (or eval?). So I think exec and eval should be sandboxed or off by default, making some bad written scripts useless for the people who don't know the risks.

This will become even more of an issue with the macros blender will be able to execute within a version or two.