I'm not an expert at this so please correct me if I'm wrong, but if I remember correctly all I had to do to jailbreak my iphone was go to jailbreakme.com and click the button on it. That was it.
So it seems that if I can trick someone to click that button then it is possible for me to not only jailbreak their phone but also run any sort of malicious code afterwards (because instead of Cydia it can install just about anything).
Jailbreak me exploited a vulnerability in the FreeType library used while rendering PDF files. That has long been patched. While I'm sure that there are other exploits that we haven't discovered yet, a one-click jailbreak exploit hasn't happened since Jailbreakme, it it had, it would be ubiquitous. The odds are tremendously low for someone to accidentally jailbreak their phone.
I don't recall of ever hearing a story where someone accidentally jailbroke their phone, although I could be ill informed.
So it seems that if I can trick someone to click that button then it is possible for me to not only jailbreak their phone but also run any sort of malicious code afterwards (because instead of Cydia it can install just about anything).