The Slapdash post is more troubling than the original report.
It's only troubling if you're an apple user. >:-}
Does Mail.app attempt to display inline images by default, rather than as attachments? If so, the rather troubling result is that the script may well automatically execute simply by opening a malicious email. Considering how much havoc was caused by Outlook executing whatever script happened to land in the inbox, I'm sure we can imagine the potential for trouble here...