The whole Apple Flashback Trojan started with compromised word press blog.  Kaspersky labs confirms this the virus was spread threw a vulnerability in java.  When clicking on the wordpress link or post executed the silent malicious code.  This is the same thing that happened at pwn to own.  Any time you integrate the browser into the OS you are open up security vulnerabilities. Microsoft has had issues like this for years with Internet Explorer.  Apple sacrificed security for useability in there Safari browser and in iTunes.  One major security concern regarding iTunes is since they have designed iTunes as an all in one hub if there is every a security flaw it would be critical do to the integration into every Apple OS.  The flashback malware has infected more than 600,000 Macs worldwide.  There are removal tools available at Apples website http://support.apple.com/kb/DL1517.  There is an update off of Apple’s website to prevent infection http://support.apple.com/kb/HT1338