Ben Edelman has put together a report on how a substantial number of sponsored links that are results of popular queries on SEs lead to sites that install spyware, malware, etc. (BTW, the company was founded and is run by MIT folks.)
Finally, something I hadn't heard about or seen. (I don't use Google much anymore.) To foil rank checkers, Google enabled captchas. About a year ago, they didn't work properly when they were enabled. What's going on here? Why isn't this sort of thing going through QA? Who is responsible for making sure that these changes are properly tested before going live? (Questions I used to ask myself when code was pushed into production at AV without going through QA, causing endless amounts of problems, including log problems.)