Then you may be able to answer this question: is it really a problem that those people accessed the link but didn't login? Because sure you could put malware on it, but that's possible on any website.
Yes, but in theory some sort of MAC could stop it from accessing important files, or anti-virus could detect it and stop it too. But once the password leaves the computer, it's going to take a lot more effort to mitigate the damage. Also, your browser is on your side for protecting against malware, so for example if you have Flash disable, that's a whole vector you can just ignore.