Some examples of code that Googlebot can now execute include:

• <div onclick="document.location.href='http://foo.com/'">

• <tr onclick="myfunction('index.html')"><a href="#" onclick="myfunction()">new page</a>

• <a href="javascript:void(0)" onclick="window.open('welcome.html')">open new window</a>

These links pass both anchor text and PageRank.

Report from the Google I/O Conference [searchengineland.com]

Surely Google is working out a way to crawl more of the web, while not inadvertently penalizing large portions
of it... When I asked Google about this, they told me:

To prevent PR flow, it remains a good practice to do things like have the
onclick-generated links in an area that’s blocked from robots, or to use a url redirector
that’s robots.txt disallow’d. Penalties for spam techniques have been and will continue to
be enforced, but as you know, we work extremely hard to minimize false positives.

That doesn't completely fill me with confidence and clarity, but it's as much as I've got. The javascript linking question is rapidly changing. It seems, for now at least, the answer is to use a javascript redirector script AND block that script from being index in robots.txt

Even typing out a "guidleline" that complex is not happy thing for me ;(