The latest (but most likely not last) breach of security in MSIE details a way to run any program on a user's computer from a remote webserver. A demo site runs logout.exe which promptly logs out the user from Windows. The official response from a MS Sweden representative is to rename logout.exe to something else. He did not specify what one should rename format.exe to; maybe stupidbastards.exe would be a good idea?
But seriously, is anyone stupid enough to still use MSIE? I mean, they should be on Jackass or a special online edition of the Darwin Awards. It's like breaking into a military biological research facility only to drink from all the sealed vials you can find.