Nathan Weinberg apparently spoke to Google's Marrisa Mayer and comments on my concerns.
Nathan claims that #10 and #1 are by design. Yes, apparently they are by design - it would be quite hard to incidentally hook up the WinInet.dll or to install a BHO. That doesn't answer my concerns about them, though.
#10 - The BHO is probably the way Google Desktop intercepts the Google.com search results and injects the desktop results in the page. But it also means that GD also has access to any page I browse, even if it's https: and my IE is set to not cache on the hard drive secured pages. I hope this doesn't turn out to be same as the AIM chats case.
It's interesting though that the only indication there is a BHO installed was a dialog box when GD installation hit IE with disabled BHOs. Why isn't this mentioned somewhere else, like in the documentation? Why isn't there an option to not install the BHO?
#1 - Why does a desktop search tool needs to hook up WInInet.dll? My guess is that this is how they inject the desktop search results in other browsers. But why not do it this way in IE as well? Or if it does it, then what's the BHO for? Why isn't there an option to not do hook up WinInet.dll?
And then comes the matter of AIM, which for the sake of the discussion I shall name Number Twelve and which everybody conveniently skips.