Yes. TS is not different than if the user were logged onto a workstation, so you'll want to lock down the server so users can't install software, which will prevent spyware/malware from being installed.
http://www.workthin.com/tshta.htm
Patrick Rouse Microsoft MVP - Terminal Server http://www.workthin.com
Post by DC Should I be concerned with Spyware on a Terminal Server with clients surfing the net using a Terminal Svcs session?