Yes, but that wouldn't do anything harmful. Something like dbname="-r /var/lib/postgresql/9.1/main/pg_clog/0000" would be required to cause any harm. I have not tested it in practice but that should cause the server to overwrite the file with log output.
EDIT: They are not overwritten but just appended to.
EDIT: They are not overwritten but just appended to.