I put up for download a simple plugin that attempts to find spyware/malicious code in themes when they're activated.
It seems there are a few bad apples out there who are redistributing public themes but altering them to include spyware.
The plugin checks an activated theme for "suspicious" code. When you activate a theme, the plugin scans all the theme files for suspicious code, and alerts you if any is found. You then have the option of continuing on with the activation.
Find out more @ http://headzoo.com/wp-anti-wares