Trojan injections by ads have occurred in the past (and specifically Myspace), but users infected were running very old versions of IE and Windows. I'd find it to be bad practice if Curse didn't run security checks on all to-be-used ads. If you can corroborate your incursions with antivirus logs, I bet Curse would love to see it.
Unless something new has developed, Flash is relatively secure because it isn't allowed to put its fingers in your PC unless you give it access. Anti-virus software loves to send out false positives, though. As long as you're running an up to date OS and an up to date browser and don't download anything foreign, you're good.
*knocks on wood*