I enjoy a very wide variety of PC games and almost always, after finishing the game in vanilla flavour, investigate a very wide variety of mods if the game allows modding. I have contributed heavily to a number of mods out there also.
The reason you don't see much malware hidden inside mods is because it is very rare for mods to be in an executable form.
Generally mods come in the form of graphics packages and scripts. It is very hard, if not impossible, for graphics/sound/geometry to contain malware. The scripts sure sound dangerous until you realise that their capabilities are limited by the actual game. I have yet to see a game where script/config files have the scope to cause damage outside the installation, let alone steal your password or something similar.
Now, there are a number of addons for various games (Morrowind/Oblivion/Fallout come to mind) where mods rely on 3rd party executables.
There is a danger there - however it is very effectively mitigated by the fact that very few if any of these executables are hosted on their own servers. Almost always they are hosted by a third party hosting site (ModDB for example, or *nexus or planet*). While these sites usually deny any responsibility, it is generally a safe bet that if someone gets owned/hax0red/virused/etc., the third party program wouldn't last very long and thus have very little effect on the broader population of users.
Another thing to note is that generally the games that allow/encourage modding do so by making their core program very robust. The main executable files/parsers/etc. are all designed to allow a great/varied amount of input.
Such design generally means that to mod these games you don't have to download a hacked game.exe (a great vector) in order to enjoy a mod. It means that you just download some script/graphics/etc. files that go in the override (Baldur's Gate for example) directory and the actual original game (which is presumed safe in the scope of this discussion) will accept that input and output a modded game.
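
The distinction drawn above, between mod files the game interprets and files the operating system itself would run, can be checked before a mod archive is unpacked. The following is an added example, not part of the original answer: it flags archive entries that are native executables by their magic bytes (whatever the file name says) or that carry an extension the OS executes. The extension list, function names and sample file names are assumptions made for illustration.

```python
import io
import posixpath
import zipfile

# Magic bytes of native executable formats, checked regardless of file name.
EXEC_MAGIC = {
    b"MZ": "PE (Windows exe/dll)",
    b"\x7fELF": "ELF",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
}
# Extensions run by the OS rather than by the game (assumed list, extend as needed).
EXEC_EXT = {".exe", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".scr", ".msi", ".jar"}

def audit_mod_archive(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) for every entry the OS could execute."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)
            magic = next((d for m, d in EXEC_MAGIC.items() if head.startswith(m)), None)
            ext = posixpath.splitext(info.filename)[1].lower()
            if magic:
                findings.append((info.filename, f"native executable: {magic}"))
            elif ext in EXEC_EXT:
                findings.append((info.filename, f"executable extension: {ext}"))
    return findings

def build_sample_mod() -> bytes:
    """Constructed sample: game data, a game script, a disguised PE, a batch file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("override/armor01.tga", b"\x00\x00\x02\x00" + b"\x00" * 14)
        zf.writestr("override/quest.lua", b"-- interpreted by the game\n")
        zf.writestr("override/readme.txt", b"Drop into override/\n")
        zf.writestr("override/texture_pack.dat", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("tools/install.bat", b"@echo off\r\n")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in audit_mod_archive(build_sample_mod()):
        print(f"{name}: {reason}")
```

An empty result means the archive holds only content the game will parse; any finding is a file that deserves the same scrutiny as any other downloaded program.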