Found this interesting article on splitbrain.org; MSIE facilitates Cross Site Scripting.
The article examines the dangerously weird way Internet Explorer treats nearly any file, even non-text files, that contains some tags in the first few hundred bytes as HTML including the
<script> tag. A major no-no in my books.
This could potentially result in personal information (such as cookie data, for example) of IE users to be compromised.