Typically most attacks of this nature will occur because malicious script is embedded into a web site through a cross-site scripting attack (XSS). The only way to prevent these is to scrub your form entry fields to make sure script or other unwanted material isn’t getting through. (Which reminds me that I have to check my new sites’ comments, to make sure these are ‘clean’.)
This is a threat, but I would say it’s of secondary concern compared to some others. No, don’t shoot me. It requires that a lot of factors be in place before it can work: your router not have password protection, your printers always be on and have a built-in web server and so on. The more sophisticated your home network, the more vulnerable you are. However, the more sophisticated the home network, the more we have to assume you know how to protect such network.
(Slashdot coverage. Original press release and white paper on the exploit.)