Re: How to disallow read/write client files from the client?


Not really because the hypothetical exploit would come from the IQ/SQL Anywhere server (think data stream injection).

 

The callback DB_CALLBACK_VALIDATE_FILE_TRANSFER supplied by Jason allows the developer to close this hole by denying file transfers. It would be nice if the default behavior was to disallow file transfers and require the developers to enable it.

 

Of course, this is just one potential hole. It would be easier to infect the (assuming) Windows client boxes IMO - see Metasploit for the numerous methods of doing that.
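A deny-by-default validation callback of the kind the reply refers to, as an added example that is not part of the original post or of SAP's code. The allowlisted directory, the `HAVE_SQLANY` build flag and the header names are assumptions; the callback prototype and its return convention (0 denies, non-zero allows) follow the documented `DB_CALLBACK_VALIDATE_FILE_TRANSFER` interface.

```c
#include <string.h>

/* Assumed policy for this example: the one directory the application is
   expected to upload from. Hypothetical path. */
static const char ALLOWED_READ_DIR[] = "C:\\app\\outbound\\";

/* Policy check. Returns non-zero to allow and 0 to deny, the same
   convention the validation callback uses. */
int transfer_allowed(const char *file_name, int is_write)
{
    size_t n = sizeof ALLOWED_READ_DIR - 1;

    if (file_name == NULL || is_write)
        return 0;               /* the server never writes client files */
    if (strncmp(file_name, ALLOWED_READ_DIR, n) != 0)
        return 0;               /* outside the allowlisted directory */
    if (file_name[n] == '\0')
        return 0;               /* the directory itself, no file named */
    if (strstr(file_name, "..") != NULL)
        return 0;               /* no climbing back out of the directory */
    return 1;
}

#ifdef HAVE_SQLANY  /* hypothetical flag: define when building against the SQL Anywhere SDK */
#include "sqlca.h"   /* assumed SDK header names */
#include "sqldef.h"

/* Invoked by the client library before any client-side file transfer. */
static int SQL_CALLBACK validate_file_transfer(SQLCA *sqlca, char *file_name,
                                               int is_write)
{
    (void)sqlca;
    return transfer_allowed(file_name, is_write);
}

/* Register the callback on a connection's SQLCA. */
void install_transfer_policy(SQLCA *sqlca)
{
    db_register_a_callback(sqlca, DB_CALLBACK_VALIDATE_FILE_TRANSFER,
                           (SQL_CALLBACK_PARM)validate_file_transfer);
}
#endif
```

The prefix comparison is case-sensitive and expects backslashes, so differently spelled forms of the same path are denied rather than allowed.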

