The recommendation comes a week after researcher Nitesh Dhanjani reported that Apple's browser doesn't seek user permission before downloading certain types of files. Even when encountering malicious iframes - a common occurrence these days even on the most trustworthy of sites - Safari obediently does what it's told to do, including downloading a file hundreds of times.
Apple's security pros, upon learning of the so-called carpet bombing vulnerability, said they didn't see it as a significant threat.
Clicking on this link with Safari using default settings automatically downloads a booby-trapped file onto a Windows user's desktop with no prompting. The next time the user opens Internet Explorer, the force-fed file automatically causes the notepad.exe application to launch and open a non-existent file. Of course, miscreants could choose far more nefarious code.
...it's interesting to note that Safari is the only major browser that automatically downloads the rogue payload. Gives a whole new meaning to Apple's "It just works" mantra.