OK, admitted, getting a user to click accept is not terribly hard. Getting a Mac user to ckicl accept and ehter a keychains password however, for an app they did explicityly specifiy to download and that does not present a disk image file on their desktop, from a company they never heard of on a site they did not browse to specifically to get this app? VERY high hurdle.
Even my father, who I had to walk through the install and use, click by click, to get FaceTime installed on his Mac, a guy who forwards every scam e-mail that sounds legit no matter how many times you tell him not too even after having put a link on his desktop to snopes.com, who can't figure out to reboot the router when his WiFI icon turns grey, knows in his bones that anything that asks for a keychian password means BIG SHIT is happening, and he better know why....
The only way even the tiniest percentage of Mac users might fall for this would be people led to by a scam to a site, that looks like a legit company at a web address that can be spoken (not funky characters or numbers and dots), and are tricked into thinking they're downloading a real program. Problem? That site would be off the net by takedown order from the FBI in hours. You can only avoid the FBI and ISPs from blocking and shutting down your virus distribution server if you don;t actually have one, but rely on other legit servers being infected, or boits that attack IPs directly for weaknesses. No such attack exists and Mac users don't give out passwords to rogue apps trying to install. (clicking "yes" they do, with alarming ease, but going to the next step that actually allows the virus to install they do not).
And on top, this thing is still actually FLAWED, in that it not only does not install properly, but more relies on services set to auto-run, hiding itself as a running service from the tray (the dancing icon on startup saying Hi, I'm a web Server and I just launched on my own" is a dead giveaway) and hiding itself from other linux process monitoring services, not to mention actually getting out through both the OS X and physical firewalls so someone can route down TO that server? ...and all this without actually getting permission escalation, or running as root (since that's disabled).
This is so low on the threat scale it doesn't register, other than the idea yet another person tried and failed.
There's a reason there has never been a self propagating virus on Macs. The only worm they ever had was from people installing hacked copies of iWork and OS X they torrented illegally (and thus deserved to get infected). The virus another poster mentioned was a PoC and never ITW, and didn;t spread by any means OTHER than LAN anyway (you couldn't catch it to spread it unless you plugged into a network with another infected mac and accepted the remote "driver" install from a device you did not request to use).
Getting a Virus into Linux/UNIX in general is really hard, not because it doesn't have vulnerabilities, but because the security model is simply so damned simple that getting around it is pretty much impossible (did you ASK for kernel memory, the right way, with the right permissions? no, oh, sorry -kill). The user actually has to INSTALL the virus, manually, like any other app, but then it ACTS like any other app, and is easily found and is as limited as any other program running on the OS.
Will OS X remain virus free forever? probably not, but any infection is going to take advantage of a weakness in both the user, and like a 3rd party app (java, flash, some other network service, 3rd party browser/plugin vuln...). Don't download illegal stuff, don't enable root, use a password, don't follow links in e-mail you didn;t ask to get, and you pretty much can;t get an infection on a Linux machine. Macs make it even more obvious to users through the insistance on Keychain and s very simple security model.