Whats the point of having ActiveX controls that are not “safe for scripting”?
The important point to keep in mind is that the “safe for scripting” label only refers to whether a control is safe for a web site to use. There’s no telling who is operating a particular web site, and so it makes sense to limit what they can do. You wouldn’t, for instance, want every web site you visit to be able to modify data on your computer. In contrast, if a user chooses to run a program on his local computer, it should be able to do whatever it’s programmed to do – because only the user should be able to execute it. A computer on which you can’t, for instance, modify your own data isn’t much use. As a result, programs on the local machine can always run any ActiveX control, regardless of how it’s marked. This vulnerability gives web sites the ability to run a program (namely, the print template) and thereby execute ActiveX controls, even if they’re not marked “safe for scripting”.