Well it looks like the twitter clickjacking attack I published this morning on the new twitter follow button works also on google plus1 button.
You need to have enable the +1 feature on your google account before trying the exploit, because the first time you +1 a page, google will popup a window to activate the feature. You can enable the feature by clicking on the +1 button bellow.
After you can try the +1 exploit here, click everywhere on the page and it will +1 the page without poping up a window. The button is partially hidden but it can be totally hidden. The victim need to be logged on Google unless it won’t work (popup).
The code is exactly the same of the twitter follow button.