Pretty interesting story, I'm sure we haven't heard the full details of it: http://arstechnica.com/security/2013/05/mac-malware-signed-with-apple-id-infects-activists-laptop/ Note that this doesn't scale. It's not something that would have made it to the MAS. It was specifically targetted to the victim. But. It shows that when motivated against a particular end user there are still ways of causing harm and even Gatekeeper won't catch it.