UPDATE! 2/24/05 8:58AM PST

Some comments reflect the fact that my post below can be misunderstood. I'd like to clarify.
IE is an essential part of the Windows Operating system.

Nothing I say in my post below is meant to imply otherwise. In the sentence "The issue of not being part of the Operating System is an interesting one" I am referring to Mitchell Baker's comment. I go on to say "IE is part of the Windows Operating System so that parts of the OS and other applications can rely on the functionality and APIs being present."

Thanks
-Dave
End Update.

 

There's a story at http://news.zdnet.com/2100-9588_22-5630529.html where Mitchell Baker, president and chief lizard wrangler of the Mozilla Foundation is quoted as saying Mozilla is and always will be more secure than IE. That's an argument we can spend a great deal of time on and still not prove one way or the other. I also know from experience that the online press likes to play up stories about the browser so it's quite possible the statements in the article are taken out of context as such a claim invites something to happen to prove you wrong. It's a little like saying you've never had your car stolen only to leave work and find it is missing from the parking lot.

There was one part of the piece that I wanted to comment on though:

Part of Firefox's better security profile comes from how it is developed, compared with Internet Explorer, she said. "Not being in the operating system is a phenomenal advantage for us," Baker said.

Now I'm pretty confident that Mitchell doesn't actually know the details of how IE is developed so I don't fully understand the basis of the statement. As we develop IE we go through very thorough and stringent security reviews to ensure that every change is secure and does not expose the user to attack.
The issue of not being part of the Operating System is an interesting one though that is frequently the subject of misunderstanding. IE is part of the Windows Operating System so that parts of the OS and other applications can rely on the functionality and APIs being present. IE in turn relies on Operating System functionality to do it's job. To be clear there are no Operating System APIs that IE uses that are not documented on MSDN as part of the platform SDK and available to other browsers and any other software that runs on Windows. The security of any browser is irrelevant to if it is part of the operating system.
If we are to debate security of browsers then let's bring in relevant arguments and accurate details about different possible attacks rather than rely on the irrational fear that because IE is part of the operating system it must be exposing OS functionality to the web. This is not the case as any software has access to the same set of OS APIs and can therefore expose the same set of OS functionality as IE.

Update - Fixed the typo. Thanks for the feedback. I didn't have http://www.iespell.com installed on the machine I posted from.

Update - 4/4/05
In response to the feedback to this post DPA_LoadStream documentation has now been added .
http://msdn.microsoft.com/library/en-us/shellcc/platform/commctls/common/functions/dpa_loadstream.asp?frame=true
http://msdn.microsoft.com/library/en-us/shellcc/platform/commctls/common/functions/dpa_savestream.asp?frame=true
http://msdn.microsoft.com/library/en-us/shellcc/platform/commctls/common/functions/pfndpastream.asp?frame=true

http://msdn.microsoft.com/library/en-us/shellcc/platform/commctls/common/structures/dpastreaminfo.asp?frame=true
Thanks for all the feedback that helps us constantly improve our documentation.
-Dave