"So far I haven't seen an autorun attack that can be put on a CD or a flashdrive"

The Sony DRM deal was the most recent well known one.

I've studied a lot of computer security myself and sure everything can get compromised but you can take steps to help prevent compromise. Such things as not using MS internet explorer or outlook express to destoying your old cd's and not leaving them around for someoen to find.
Myself I now scan everything and anything super important is kept in a fireproof safe and the rest gets shredded. This was I have less for people to find and if I ever would need to evac the safe is somehting that will go with me.