Recently, a flaw that is eerily similar to one that was quashed many ages ago has been discovered in IE6 and IE5. This particular flaw only relates to the integrated FTP functionality of the browser, but could lead to a session hijack with nothing more than an username. Given that most FTP transactions are done unencrypted, this is less difficult to get than one might think. For all those who stay updated, IE7's FTP functionality is not vulnerable to this flaw.
For all the flak Microsoft took in forcing Windows users to upgrade to IE7 (ok, maybe not completely forced), a lot of it had to do with them wanting to move on to better platforms. IE6, for its age, had become quite long in the tooth. Yet, even today, it is still a common browser and as such its users are still at risk when new flaws are discovered. Somehow I imagine this will not be high on Microsoft's "to patch" list.