Comment Clarification for dummies (Score 1) 268
It looks like most of the people posting have no idea what happened, or didn't RTFA, but that's not surprising, of course. The POINT of the article is that I can/could have sent you a message from a Yahoo account with JavaScript code, and when YOU opened your Gmail inbox on YOUR computer that code would have been executed.
What is so hard about this? It's very obvious to see the security risks associated with this vulnerability. And yes, it is a vulnerability. Are all the previous posters the same guys from Microsoft who sat in a board room, straight faced, and decided letting other people run C++/Java code on your Internet Explorer window would be a GOOD idea?