Apple's Dashboard and Security

Posted by Jonathan

It was only a matter of time until somebody found out how to misuse Dashboard Widgets.

If you download a Widget with Safari, Safari will install it automatically for you if you do not disable the “Open safe files after downloading” option. Safari will install it into ~/Library/Widgets.

Widgets can get really nasty, as there is no way to uninstall them other than deleting the Widget from ~/Library/Widgets; there is no way to do this from within Dashboard. You can do some harm with Widgets, and one guy made a proof-of-concept. Imagine porn Widgets that automatically load sites and log your password…

DO NOT CLICK ON THIS PAGE unless you have disabled the “Open safe files” feature or you do not use Safari. This page will auto-install a Widget that can only be removed by deleting it and rebooting.

Hopefully Apple will react and change the recent MS-like behaviour of “default-install-without-asking”.
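
An added example, not part of the original post: a Python audit of the widget folder named above, listing each .wdgt bundle and the access its Info.plist requests. The key names come from Apple's widget Info.plist format rather than from this post, and the sample bundles and identifiers are constructed.

```python
import plistlib
import tempfile
from pathlib import Path

# Info.plist keys by which a Dashboard widget requests access beyond its own bundle.
RISKY_KEYS = ("AllowFullAccess", "AllowSystem", "AllowNetworkAccess",
              "AllowFileAccessOutsideOfWidget", "AllowInternetPlugins", "AllowJava")


def audit_widgets(widget_dir):
    """Return one record per *.wdgt bundle found in widget_dir."""
    records = []
    for bundle in sorted(Path(widget_dir).expanduser().glob("*.wdgt")):
        record = {"bundle": bundle.name, "identifier": None, "requests": [], "error": None}
        try:
            with open(bundle / "Info.plist", "rb") as fh:
                info = plistlib.load(fh)
            record["identifier"] = info.get("CFBundleIdentifier")
            record["requests"] = [k for k in RISKY_KEYS if info.get(k) is True]
        except Exception as exc:  # missing or malformed plist: report it, do not skip
            record["error"] = f"{type(exc).__name__}: {exc}"
        records.append(record)
    return records


def build_constructed_sample(root):
    """Create constructed widget bundles for the demo (not real widgets)."""
    root = Path(root)
    quiet = root / "Clock.wdgt"
    quiet.mkdir()
    with open(quiet / "Info.plist", "wb") as fh:
        plistlib.dump({"CFBundleIdentifier": "example.constructed.clock",
                       "MainHTML": "clock.html"}, fh)
    noisy = root / "Unknown.wdgt"
    noisy.mkdir()
    with open(noisy / "Info.plist", "wb") as fh:
        plistlib.dump({"CFBundleIdentifier": "example.constructed.unknown",
                       "MainHTML": "main.html",
                       "AllowSystem": True, "AllowNetworkAccess": True}, fh)
    (root / "Broken.wdgt").mkdir()  # bundle with no Info.plist at all
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in audit_widgets(build_constructed_sample(tmp)):
            print(rec)
    # On a Mac, point it at the real folder: audit_widgets("~/Library/Widgets")
```

Any bundle in the output that you did not install yourself is a candidate for deletion from ~/Library/Widgets, which the post names as the only removal path.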

Discussion and more on Slashdot
