Let's discuss how spyware would get through... I expect one of a few ways

1. Abusing the "allow websites to install software" checkbox
2. Javascript abuse
3. Java Abuse
4. Some exploit (overflow or whatever you want)

I know that FireFox has good practice of warning you when you download software that could be malicious, if there are ways around that you could cause some trouble as well.

Don't even mention Google spyware... The data mining potential they have is sickening, and if they do it already I wouldn't be suprised.