Apple made a Microsoftian slip without most people noticing, for a while: hyperlinks open Help Viewer and instruct it to run local Applescripts (like this one). Simple enough to make a web page that automatically sends out a dmg file that will mount itself, then a page refresh than launches Help Viewer and runs a script from within the disk image. Protect yourself by using More Internet to change the protocol handler for help: URLs. I had a feeling those internal protocol handlers would turn out to be risky.
Update: John Gruber points out telnet: disk: and disks:, and recommends RCDefaultApp for changing the settings.