Here are 1.3 million pieces of evidence:
https://www.google.com/search?q=IE+security+zone+exploit
As explained by US-CERT, the US computer emergency response team:
> There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model,
> local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular,
> proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI),
> and ActiveX. IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an
> attacker significant access to the operating system.
Microsoft winked an acknowledgement of the root of the problem yesterday with their advisory about this particular
vulnerability. Microsoft's advisory says:
> By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML
> email messages in the Restricted sites zone.
That's as opposed to the Local Intranet Zone, the Trusted Sites Zone, etc. IE opens content in the restricted zone (the cage) and hopes that there isn't a leak, like hoping that the lion doesn't reach out of the cage (and hopes that IE picked the right zone to start with - web sites and batch files are both .com addresses). Opera doesn't need to try to keep web sites from accessing functions in the local computer zone - there is no local zone, it just does web sites.
If your browser doesn't run shell batch files and registry patches, it doesn't have to decide which batch files to run in what context. It simply doesn't run batch files, or do anything else but show web pages.