Yes, your script may be innocent, but that doesn't mean they all are.
Back when I was a Windows user, one of the first things I did on my systems was to disable the CD autorun feature. It's just like Microsoft to add something like that.
Of course, that hasn't stopped people from developing similar programs for Linux too:
http://linux.die.net/man/1/autorun
Even then, notice how you have to configure your fstab to allow exec permission first.
And what do you know, look at what else I found when I was searching for the above page:
http://www.net-security.org/secworld.php?id=10544