Maybe because you don't need to actually open an executable file to get infected. Even displaying an image in your web browser may do: https://en.wikipedia.org/wiki/Arbitrary_code_execution