On a non-jailbroken iPad, unlikely.
The only way to install an app is through the App Store. Plus, apps have to be signed by both the developer and Apple. If the app is modified, it won't run. Each app is installed in a sandbox, and has no access to other app's sandboxes.
If not for the signing, a possible route would be an infection of your PC or Mac that would install an app on your iPad. The signing prevents this possibility.
There is one possible route: exploitation of specific vulnerabilities that might result in execution of arbitrary code. Most fruitful would be buffer overflows due to buggy code which might be caused by "corrupt"/unexpected data in a data file, for example a JPEG. There have been a few media file exploits recently against commonly-used media decoding libraries. Presumably, Apple is up on this and does extensive testing. But it might be possible. But I think this unlikely, because hopefully a media file isn't being decoded with escalated privileges that might permit access to other application's sandboxes.
Malware certainly is possible, and there have been isolated instances of rogue developers whose apps have done undisclosed nefarious things, like sending the content of your address book to a server without disclosure. Apps have free access to your address book. I believe, though, that Apple has announced that in 4.0 there will be a more fine-grain permissions system such as that on Android. (On Android, the user has to give permission for a specific app to access the address book, just like iPhone users have to give permission for use of GPS.)
The address book is a particular point of vulnerability. I recently "Bumped" with a friend, and discovered to my horror that he had a long list of account numbers and passwords stored in the "notes" field of his address book entry! (A more recent version of Bump allows you to choose precisely which items in your address book entry to push to the bumpee...)