A few days ago on Heise Germany, I found a solution for the ability to run Terminal scripts via a disguised downloaded file. Just insert the code from that forum post into your user's .bashrc file, and Terminal will ask before executing a command whenever a new window is opened. You can also edit the system-level .bashrc (sudo nano /etc/bashrc) to make this work for all users.
Another solution is to install Unsanity's old Paranoid Android (linked on this page, which would also help for the 'disguised as JPEG' Mail issue.
[robg adds: This seems like a fairly ingenious solution to the problem. You get prompted with a yes/no question when a new Terminal window opens, and if you don't answer in 15 seconds, it times out and exits, preventing access. You can change the delay by changing the value in this line: read -r -t 15.
I added the code to the end of my .bash_profile file, and modified the comments a bit to explain more clearly what's going on. Here's my version of the code:
# keep my playground secure
echo "############################################################";
echo "## ##";
echo "## If you do not know why Terminal has launched, answer ##";
echo "## 'n' to the following question. Otherwise, hit 'y' to ##";
echo "## open Terminal as usual... ##";
echo "## ##";
echo "############################################################";
echo "Open Terminal.app now (y/n)";
read -r -t 15 -e OpenTerminal
if [ "$OpenTerminal" == "" ] || [ "$OpenTerminal" == "n" ]; then
exit 1;
fi;
if [ "$OpenTerminal" != "y" ]; then
LastCommand="$OpenTerminal";
echo "Open Terminal.app now (y/n)";
read -r -t 15 -e OpenTerminal
if [ "$OpenTerminal" == "y" ];then
echo "This was the command that started Terminal.app:";
echo $LastCommand;
else
exit 1;
fi;
fi;
There are a number of other workarounds posted in the comments to this hint about the auto-open issue in Safari, but I felt this one was unique enough to share as a standalone hint. This is the solution I've chosen to put in place on my machines for now, as it's decent protection with only a minor inconvenience (though it does break the 'Open in Terminal' sidebar item I've been using).]
Mac OS X Hints
http://hints.macworld.com/article.php?story=20060222011953661