a few things that are the same
IE still runs in the security context of the logged-in user. So bugs in IE can give an attacker administrative (full) control over the computer. IE 7 did not add the ability to "log out" of HTTP-authenticated websites (a gaping security hole and an RFC-recommended browser feature). IE 7's "new" security for ActiveX is really no different than the old security; you're still 1 click away from giving an unknown attacker full control over your machine.
Posted by erik@...
31st Oct 2006