Worse, another growing competitor to Adobe: Foxit PDF, does not even warn the user that code is about to be invoked. It just quietly lets the code run without any user interaction!
For a YouTube video demo of this nasty feature in action:
PDF: Launch a Command
For a downloadable test to try your luck with your favorite third party PDF reader see:
Escape from PDF credit to Didier Stevens.
And for the extension of this logic towards the inevitable PDF driven worm, see:
Are PDF's Wormable?
The authors are not releasing the method, but I can tell you that once the concept is released, which it has been, someone on the wrong side will figure it out soon enough.
Adobe, Foxit and other PDF reader providers need to look into this ASAP.
Edit: Thanks to theweaselking in the comment below -- Foxit Reader has an update that will change the behavior to match Adobe's product in this scenario. If you use Foxit make sure you've accepted the latest updates.
Of course - I would rather have three changes from both companies.
1) Make the message that asks the user for permission immutable.
3) Bonus! How about fixing Adobe and Foxit so they run properly as a Low Integrity Process in Vista and Windows 7 (and Windows Server 2008 / R2.) Mandatory Integrity Control in Win 7 and Vista works very well as another barrier to malware by forcing high risk processes to run at lower permissions than the OS. Unfortunately many popular utilities that should be considered high risk do not take advantage of this feature.