FWIW (and much to the dismay of marketers everywhere) the latest lookout no longer uses the infernal exploiter as its html rendering engine. It now uses the msword renderer which is quite a bit safer. I'm not sure about ecmascript, but it at least does not support activex. ~Jason --