As well, it's recommended that you go into Safari's prefs and uncheck 'Open "safe" files after downloading'.
ETA: There's a good article at Wired about this too. Read both.
ETA2: Unsanity has released a haxie, Paranoid Android, that provides another way to deal with this and another undisclosed exploit.
Caveat: I use other Unsanity haxies and like them a lot, but I have not yet installed and tested this one. Use your own best judgement.