I'm not sure if this should be reported against PCManFM or the XDG specifications. If you tell me that this can't be changed because of the specifications I will forward this report. Now to the problem:
The ability that dektop files can hide their real name behind the Name key while they can always execute applications is a security problem. Here is an example desktop file that demonstrates this:
Exec=sh -c 'xdg-open /usr/local/share/image/hot_girl.jpg; /usr/local/bin/keylogger'
The desktop file hides behind the name hot_girl.jpg to increase the chance people will open it. To make this even more realistic it uses also the image icon to look like a real image in the file manager. If executed it will open a real image so that the user doesn't get suspicious but it will also execute malware that does now log all input.
A similar problem existed/maybe still exists on Windows where at default file extensions are hidden which caused many infections in the past. But currently we are even providing a better way to infect a system with a full name and icon disguise kit.
A way to fix this could be an option that enables a safe mode for desktop files. Enabling it could do the following:
I think these changes should be enough to make desktop files safe but maybe further thoughts should be made about this.