...Executable files (exe, scr, bat, pif, com, etc) will no longer be able to run from within wal/wsz skin files...
I hope they dont just scan the file for .exes etc as the only security measure. There are many different executable types aside from .exes and .bats etc, its unlikley they could catch them all.
Even if they did, it wont stop a .htm file executing an existing file (such as c:\windows\calc.exe or a ftp server or something).
Even if they stopped it executing stuff, running arbitrary files in the .htm zone is a security problem - you could for example have a frame which loads up a local file and read it and send it off to a remote site.
Winamp needs to set the secrity permissions for the web browser object to not allow scripting and various other restrictions.
Ive been looking into this stuff myself a bit lately, and have my name attributed to a couple MS security bulletins with IE so I know what Im talking about