As far as I've ever heard, it is theoretically impossible to stop that kind of attack. If a user runs your code, then yeah, duh, your code can do whatever. I don't think that counts as a security vulterability.
No, definitely not a security issue when you have a piece of software that is only supposed to let the app store signed code run and then as long as there's a signature somewhere near it will run whatever the fuck you've put in this app that macuser101 has no suspicion of because 'macs are virus proof'. It will be a funny day when the first big mac virus sweeps through now that macs are numerous enough to present a valid target and casually brushes aside any token security measures.