Anyway, wow wont run the virus files so there shouldn't be any real problem.
You are mistaken. Any executable file (.sh .bat .exe etc) can only be committed by mods/supermods. Anyhow, my example wasn't really wow addons, but more "addons that came with an updater or installer".
Some addons also come with EXE utilities to facilitate converting data formats between say Lua and a website's use.
Any reason why the upload has to be approved by hand? Seems a bit stupid. :-/
Trojan, Viruses, etc.
2 months ago, a malicious author uploaded 3 different zip files that contained a trojan to uiwow.incgamers.net, and it passed their automated virus scanning system. These addons were passed off as Omen, Curse updater and wowace updater.
No thanks. I have experienced too many problems with curse.com to move guildads there. Maybe if I see 1 year of near-flawless operation... ;-) and then only if the SVN log/history can be preserved (I often have to go back to old revisions to check something).
You can have a project using SVN on wowace sync with an external SVN such as Sourceforge on a daily/weekly/etc basis. What wowace would do then is to perform a daily/weekly checkout of your actual SVN address and package it accordingly if needed. It's under the Repositories options when you edit it.
As an example, Cladhaire's Clique addon does this, and syncs from wowinterface's SVN.