Apple claims fix to Time Machine security bug

Apple claims to have fixed the issue where applications could run automatically out of a Time Machine backup. Look for CVE-2008-0038 in Apple’s “About the security content of Mac OS X 10.5.2 and Security Update 2008-001”.

Thanks to Apple for mentioning me. I certainly would have reported the bug regardless, but it’s a nice bonus.

The only thing I wish had happened differently was an earlier acknowledgement from Apple that they realized what I was describing and agreed it was a security problem. I didn’t find out Apple considered it a problem until January 22nd, when they asked how I’d like to be credited for discovery. Most of that time I wondered if I should file more details in an attempt to convince them it really was a problem.

Note: I’m saying “claims” only because I haven’t installed the update and verified the fix yet. I have no reason to disbelieve Apple. :)


2 Responses to Apple claims fix to Time Machine security bug

  1. Nima says:

    Hey, that’s awesome. You’ve literally made the world a better place!

  2. It seems to work well enough. It looks like Launch Services simply can’t find applications in the Time Machine vault. Good enough. :)