It would also make it physically impossible to install software.
Agreed.  I happen to think application installs should *always* be confined to userspace, or better yet, an isolated subset thereof with zero write permissions to external directories.  All temp files would be contained in the same directory, not particularly hard to pull off.  That way, the worst any one program can do is wipe itself out.
If you're going to do this, you have to have something like sudo.
Unfortunately, as toadlife pointed out, sudo has its own set of problems.  It's fine, however, if you can insure that you will be the only person EVER using your login (that means no installs of unchecked code in your userspace, or worse, /usr/bin).
Also, Safari will check any files for executables, whether it's an archive, disk image, etc.
I think we can all agree that this is "a good thing."  However, if the end-user is uneducated regarding the proper action for unknown executables, they will just run them anyway.  I have a buddy who's constantly cleaning out his PC because his idiot brother keeps clicking "Yes" to every download/install dialog he sees.
It even detects .exe apps. I'm sure something like this could be implemented for mail.
This HAS been implemented by numerous ISPs on numerous dates, only to later be repealed because poor Joe Averageguy can't read the .rtf(.vbs) that was sent to him by 
[email protected].  What ISPs need to start doing is educating customers about the dangers of viruses (being careful not to take the oh-so-infamous alarmist tone that turns Luddites off to new technologies 
completely), while simultaneously allowing themselves to lose a few customers that expect them to make decisions that endanger the whole of their subscriber base.  There's something to be said about an uncompromisingly secure ISP, and word travels fast to the appropriate people.