I agree with you, but at this point we're just axe-grinding. It's unfair to fault Microsoft for not implementing it in an alternate reality where it was a good idea to do so.
But not Mozilla and Opera, and Google have said they're prepared to pull support if the vulnerabilities become more than theoretical. I just don't think it's fair to single out Microsoft for not implementing something that half the browsers out there (including IE's closest rival) intentionally disabled.
I wish we could have WebSockets, but it was not Microsoft's failure to implement that made them unusable in the general case.
About 20% of Mibbit users are using websocket and have been for several months.
It's inevitable that any security worries will be rectified (Hopefully by simplifying the protocol rather than adding another layer of needless complexity), and browsers will update.
MS may as well implement what exists now, even if they decide to leave it up to the user to enable it.
