Over on the IE Blog, a commenter made a very good point -- why is it that IE flags scripts as “potentially bad”? That’s very confusing to the average user, and they have no way of knowing whether or not the script really is bad or not (and therefore whether they should enable it or not).
Unfortunately, this is much harder to do than it sounds -- even for humans (let alone computers). If I told you about a program that deleted all the data off your hard disk, would you say that it was a “good” or a “bad” program? What if I told you the program was named “format.exe” and its only purpose in life was to wipe disks of all their data?
So it’s not easy :-(
By default, IE limits the capability of scripts running from internet web pages because it is highly unlikely that anyone trying to format your disk across the internet has good intentions. Nevertheless, if IE is asked to load a page from the local hard-drive, it might be the case that (eg) you have an HTML-based administration console for a locally-installed application, and you really do need to format a hard drive or perform some other potentially-dangerous operation. So in this case, instead of just outright blocking access to that functionality, IE disables it by default and uses the Information Bar (aka the "gold bar") to inform the user that if they want to run the script they can do so.
The idea here being that if the gold bar was unexpected, the user could simply ignore the notification / close the browser / navigate to another page / etc. and still be protected, but if the user was expecting "potentially bad things" to happen then they could click through the gold bar and still have access to the rich functionality of the administration application.
I entitled this post "The Evil Problem" because it's similar to "The Halting Problem", which is a famous problem in computer science that says it's not possible to algorithmically determine whether or not a particular program will halt (stop). The reason this is so is because if you assume such an algorithm exists, you write a program thusly:
; // do nothing
Now if the algorithm says you will halt, you just loop forever (thus never halting). On the other hand, if the algorithm says you will never halt, you halt immediately. By this we see that such an algorithm can't exist. This mode of argument is called The Null Hypothesis and you could apply it to evil scripts thusly:
if (true == DoesEvilAlgorithmSayIAmEvil())
; // do nothing