One of my colleagues tipped me off to some additional resources on the subject of using the DropTarget technique for accepting files for execution.

First, it turns out that there is an SDK sample that demonstrates the DropTarget technique after all. This sample is fifteen years late according to one commenter who apparently thinks that the Platform SDK needs to provide a sample for a feature that won't be invented for another twelve years. Maybe we can use the Microsoft Research project to predict the future. No wait, we also need to get them to invent the time machine so we can take the future-predictor machine back in time 15 years.

Second, there is a sample for the ExecuteCommand technique. The ExecuteCommand technique is preferred over the DropTarget technique because it is much easier to implement. (Translation: much less you can get wrong.) Like the DropTarget technique, the ExecuteCommand supports out-of-process activation.

And third, as it turns out, App Path registration supports HKEY_CURRENT_USER after all, thereby addressing one of the complaints raised by a commenter (a complaint I answered incorrectly).