Over on the BlueHat blog, security researcher Manuel Caballero wrote up an interesting post on how Silverlight avoids exposing unsecured private browser APIs to abuse from RIA content. 

Anyone building ActiveX controls that take untrusted input should have a look at the post and make sure that their controls don't allow bad guys to break out of the browser's JavaScript sandbox.

-Eric