Sure, of course it wouldn't make any sense for the attacker to delete almost all wallet files, but he could implement an algorithm in his worm, which deletes...well, maybe every 50th wallet file and also to prevent that it doesn't look like just attacking computers with installed bitcoin, he can just delete/kill the whole system. So in the end he was still able to influence the network/economy.

And at least to prevent stealing wallet files for now, the file should be password protected(decrypt at every bitcoin start and encrypt again when closing). Should be no real problem to implement. Still phishing on a running bitcoin would still be possible by hooking (or even easier just by mousmove/key-macro..) and also can't think of any real/good prevention of this for now(but probably affects mostly the windows version).