As the summary points out, you are still vulnerable if you receive a .zip or .tar.gz file by email and your friendly GUI archiver program unpacks it and makes files executable. For command line tar(1) and zip(1) it's fine to extract with the same executable permissions as in the archive*, since command line users can be expected to understand the risks of running executables, and the command line interface doesn't muddy the distinction between opening a file and running it. ('less some_file' versus './some_file')
But for graphical unarchiving programs - or browsing directly to the contents of a zip file inside the file manager - I would prefer that the default be for all plain files to be non-executable, even if the archive specifies that the +x bits be set. If the user wants to extract a zipfile and have executables (or .desktop files) be ready to run by double-clicking, this should require an explicit step, where the app can give a brief warning.
I must say, though, that GNOME's solution of marking .desktop files not in a system directory as 'untrusted' would take care of a good part of this problem. It will no longer be possible to unpack an archive and get a file that appears to be a JPEG image with thumbnail, but is in fact executing an arbitrary command.
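
The extraction default argued for in the comment above, sketched as an added example (it is not part of the original comment and is not code from any real archiver). The function names and the in-memory sample archive are constructed for illustration, and the sketch covers tar archives only.

```python
import io
import os
import stat
import tarfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def extract_without_exec(archive, dest, keep_exec=False):
    """Unpack regular files and directories from a tar file object into dest.

    Executable bits recorded in the archive are dropped unless keep_exec is
    True (the explicit opt-in step). Returns the names that lost their +x bits.
    """
    dest = os.path.realpath(dest)
    stripped = []
    with tarfile.open(fileobj=archive) as tf:
        for member in tf:
            target = os.path.realpath(os.path.join(dest, member.name))
            if os.path.commonpath([dest, target]) != dest:
                raise ValueError("member escapes destination: " + member.name)
            if member.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            if not member.isreg():
                continue  # links, devices and FIFOs are not unpacked here
            mode = member.mode & 0o777
            if not keep_exec and mode & EXEC_BITS:
                stripped.append(member.name)
                mode &= ~EXEC_BITS
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(tf.extractfile(member).read())
            os.chmod(target, mode)  # exact mode, independent of umask
    return stripped


def build_sample_archive():
    """Constructed sample: a .desktop file marked 0755 and a plain 0644 file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, mode, data in [
            ("pics/holiday.jpg.desktop", 0o755, b"[Desktop Entry]\n"),
            ("pics/notes.txt", 0o644, b"hello\n"),
        ]:
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(data)
            tf.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

The returned list is what a graphical front end could show in its brief warning before offering the explicit "keep executable" step.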