Well, while Windows 7 does significantly improve the AutoPlay/AutoRun user experience, it isn't bulletproof. There's a small, not likely to be exploited, loophole.
For example, Western Digital USB hard drives ship with Virtual CDs on board to install WD's SmartWare software.
You can see the CD device here along with the Passport:
This is how a default Windows XP installation handles the Virtual CD's autorun.inf:
It just launches the installer program, no questions asked.
Now this is how Windows 7 AutoPlay handles the Virtual CD's autorun.inf:
The installer on the Virtual CD is the default option, but it doesn't launch.
On the plus side, AutoPlay functionality can easily be turned off in Windows 7:
Do note that this isn't a Windows 7 vulnerability.
From Microsoft's Security Research & Defense blog: "It is worth noting that some smart USB flash drives can pose as a CD/DVD drive instead of standard ones (see http://en.wikipedia.org/wiki/U3 for an example). In this specific scenario, the operating system will treat the USB drive as if it is a CD/DVD because the type of the device is determined at the hardware level."
This is just a curiosity to be aware of — not a flaw.
Bottom-line, don't let Windows 7's improved handling of AutoPlay give you a false sense of security. There are more and more USB drives shipping with Virtual CDs, and sooner or later, one of them will be infected during the manufacturing process.