And what malicious code exactly could he add? last time the code was embedded onto bitcointalk.org which means he could've altered text on the website or steal peoples passwords, but this time its not, so there isn't much he can do.
He tried adding a script tag to bitcointalk. He could have altered text or stolen passwords.
It was like he walked into a shop with a gun hidden in a bag, he pulled the trigger and Theymos did a Neo-in-the-matrix like dodge and no one was hit. Maybe the bullets really were blank? We don't know because there wasn't a hit.
After Theymos bragged about his deft dodge the guy comes back and appears to be yabbering on about DOS attacking the proxy Theymos used to check the script.
But if you want to keep saying "Actually there was nothing malicious"... please remind me of this if it ever looks like I'm trusting your judgement for anything.