Of course not. You have to manually create the playlist as well as the stay-open application script as well as setting it in your login items list. And then you need to create the Applescript to run and attach it to a song file in that playlist.

That's a pretty big bunch of ifs that you need to manually perform.

Wouldn't it just be easier to write the malicious script as the "stay-open application script" and put it in your login items? You'd omit a lot of ifs and thens and get a faster bang on your buck for maliciousness, wouldn't you?

A security hole isn't when a user shoots him- or her-self intentionally in the foot. It's when somebody else injects a rifle into the system and then has the gun automatically go off. (In other words, "rm -rf /" isn't a security hole if a user types it as root; it's a security hole when simply launching an application as a user without privileges and has the app open up a root session and executes that command which is the security hole.)

lar3ry