The main examples we've seen so far have masqueraded as codecs, supposedly needed to view offered - usually pornographic - video clips.
Does that constitute self-inflicted damage. Maybe. But people will do it.
I seem to remember a Microsoft security specialist telling a conference that even if a Trojan displayed a message along the lines of "Running this program will infect your computer, make it run more slowly, and generate millions of spam messages. Click OK to see the boobies", enough people would click OK to cause a problem.
Other examples of malware for Mac OS X pose as software key generators, again appealing to users' baser sides.
And bear in mind that Apple has already patched multiple vulnerabilities that could theoretically have been exploited to take control of computers just by displaying an image, for instance in a web page.
Can you trust every web server that you visit? See page 3.