Your fears in honor, but this "possibility" exists for a long time and not only CoD1, also CoD2 and CoD4. Is something more secure, because less people know about it, though others exploit it already?
I don't have Facebook, maybe somebody wants to inform Infinity Ward.
Probably it wouldn't even be allowed to patch those security errors, since Reverse Engineering is not allowed.
Just asked php to test this in Sandboxie, the download and execution still works, but it might give more security, because it prevents total access on the filesystem.
Sandboxie is able to whitelist processes, this may help (please try php and tell us ):
All big Companies start seeing the value of Open Source, Google with Android, Microsoft is open sourcing C# etc... I hope IW will release the source code of Call Of Duty 1, 2, 4... otherwise there is nobody fixing their bugs.