First, I do not discredit those who complain about IE, as there is some validity to their arguments.
However, IMO, one of the problems with freeware is that there is no single point of responsibility, even if or when a security flaw may appear in their software. Nor, is their any requirement for thyem to go back and retest prior versions of their software or how it impacts other system applications.
FWIW, I recently attended a live web cast presentation hosted by Microsoft's VP for Security. During his presentation, he addressed the complaint that patches and hotfixes appear to be "slow" in being released.
He said that not only do they have to go back and review and test the problem and resolution for all prior versions (IE4, IE5, IE5.1, IE6, IE6.1), but they also have to test it and release separate versions for all of the various language versions of IE.
All told, I think he said that for the last IE hotfix patch, they actually had some 400 separate versions of the patch that they ultimately released.