Interesting read, but strange things along the way:
the classic blended attack: safari's carpet bomb
is named absolutely wrong. The carpet bomb, where Safari stores files of unknown type on the desktop, is a sensible design decision; they are not hidden somewhere. It becomes useless on Windows if the files have the extension ".dll", because Windows will not display them.
And the bug is that IE7 looks for DLLs to load on the desktop; this is not a bug, this is madness.
What I also learned along the way is that reviews on O'Reilly are already sold to someone else.