There was an interesting experiment: cdrom disks were given to employees of big financial institutions in London. The disks were said to be a Valentine Day promotion. They also had labels about not bypassing security policy.
The result? Just as expected. The software was run. Fortunately for the companies the program just made a notification. Imagine a case when it installs spyware, keylogger etc.