[imp] Inline vs other window viewing of html

[Rick Irvine]

When I put together our old (1.x/2.x) horde/imp, there was a big hub-bub on
the lists about inline html and how bad it was.  This made sense to me.  My
old IMP will only allow folks to download html attachments.  It's a pain, but
I like this.  It let me sleep well at night. :)

Now I'm playing with IMP 3.1, and I'm finding that some html tags can be
shown inline even though I've specified in imp/config/mime_drivers.php to set
the html driver's inline field to false.  I sent myself a test message from
Yahoo with the type text/html with "<h1> hi! </h1>" and it showed inline.

A co-worker of mine sent me something from hotmail with html turned on and
while it didn't show inline, it did render the html in another window.  Is
that safe?  I thought the danger was in rendering HTML with java/script, php,
etc embedded in and run by the central web server was a Bad Thing (tm).

Is there a big different between inline vs rendered in a different window?
To me they sound pretty much the same, it's still the web server rendering
the html/dealing with the Evil Code.  Am I wrong?  (I admit I am no web
guru.)

Thanks!

- Rick