A (clever ?) user could also use:

FOO=.
PATH=$FOO:~/bin
export PATH
[download]

There are various other workarounds.

Update: Some are even stealthy and don't even mention PATH at all:

eval `perl -e'print"y~ozf"^"]....=."'`

Update 2: What you could do is add this line to /etc/login.defs:

FAKE_SHELL /usr/bin/fakeshell

The script should call echo "command $$" | at 1 minute and then exec a shell. The "command" should then access /proc/"$$"/environ, locate PATH=... and do a simple split and test for a "." or "./". I assume you're on a linux box.