Recently I wrote:
Another basic problem [of Microsoft software] is the tendency to blur the distinction between executable code and data.
Not to belabour the issue, but I was pleased to see that in the current issue of "CRYPTO-GRAM" Bruce Schneier, one of the world's leading security experts, makes the same point:
: Security vulnerabilities aren't like the weather; they don't just : happen. They are the result of mistakes: mistakes in the code, : mistakes in design, or mistakes in specification. MyDoom spread across : the Internet because of an enormous vulnerability in e-mail software: : users are allowed to execute arbitrary e-mail attachments. : : This is a bug. I know it's generally called a feature, but it's : not. It's a design flaw. It's a huge security vulnerability. And I : think it's high time we started calling it that.
http://www.schneier.com/crypto-gram-0402.html#8
Frank