A security researcher said that Safari users are at risk of littering their desktops with malicious software because the browser does not ask for user permission when downloading files.

Writing in his blog, Nitesh Dhanjani said that a rogue Web site can easily download a Safari Carpet Bomb to the Windows desktop or downloads directory on the Mac. He said Apple did not feel it was an issue they want to tackle at this time.

Apple denies the problem is a security issue and claims that it is just a method to raise the bar against unwanted downloads. Safari doesn't warn users when a local resource attempts to invoke client-side scripting, creates a risky situation for most browser users. Apple said it is investigating creating a 'safe' mode for local HTML.

However, of course, it does mean that it has to throw out the myth that Apple software is much more secure than Windows, so it probably does not want to talk much about it.

More here.