Scripting in all its forms is far too prevalent, fueled by the need to pack more Wow into every page, for a typical end user to be able to sort through what is and what is not OK. Compounded by the simple fact that "Bad Sites" are next to impossible to identify until after the fact. Sure, some are obvious, but others (well-intending but poorly secured servers) are much harder to spot until it's too late.
What article? The one you started this thread with, or the one (paper link) I added above? The paper link I added above goes into great (memory stack & code level) detail on exactly what is being done with the popular browser plug-ins to bypass the various security mechanisms. It also includes some registry hacks which will help to mitigate the threat. <- That and other options are what I was hoping to have a discussion about.