As most of you know, macosxhints is not a 'breaking news' site. We generally post things that aren't time sensitive, and try to stay away from news as much as possible -- there are many better sources for Mac-related news out there than this one!
As such, I didn't post anything here about either the Leap.A worm/trojan or the Bluetooth worm, as they were both thoroughly covered on other sites, and there wasn't much 'tip like' that could be considered tip-worthy about either of them, beyond 'use common sense when downloading and opening files from others.'
Yesterday's news of a Safari vulnerability, however, is different. While the Leap.A and Bluetooth programs required active user participation (you had to agree to accept a file, then expand and run it, for instance), this latest Safari vulnerability is riskier. You can actually execute a program on your Mac by just clicking a link on a website, or, on a truly malicious page (using some HTML programming tricks), by simply visiting that page.
Other sites have done a very good job of explaining how this particular vulnerability works in detail, so I'll just summarize it here. In a nutshell, a shell script can be written and then zipped in such a way that it will automatically expand and then execute on a user's machine. This shell script could, of course, do anything your user could do -- including, as an example, installing the Leap.A worm.
Thankfully, the short-term workaround is fast and simple: If you use Safari, open its Preferences, and in the General tab, uncheck the 'Open "safe" files after downloading' checkbox.

Mac OS X Hints
http://hints.macworld.com/article.php?story=20060222071126871