Technically, yes, but it's not as simple as it sounds and there have been a number of changes to mIRC to cut down on a person's ability to hack through mIRC.
Some of the preventative methods used are:
default disabling of auto-receive for high risk file extensions
default disabling $decode
Pop-up display when a script with ON START or ON LOAD events is loaded.
There's probably a lot more, but those are the items that I can think of right now.