why this is the default setting in IE6&7
for security (and I believe legal) purposes
Personally I disable all active content from automatic execution that I can in FF and/or IE7. This includes activeX and java and anything else that looks suspicious. Sometimes that causes me trouble on a few sites but usually not and it makes me feel safer even though it probably doesn't actually really make me any safer.
But then I'm a dinosaur. I just don't want my machine executing someone else's code just on general principles.