OsioniusX's demos will make you want to turn off Internet Explorer's ActiveScripting features or switch to another browser altogether. Cookie grabbing, site spoofing (showing the URL in the browser for a legitimate site but different content entirely), page alteration (showing the content of a legitimate site but altering the page content-- perhaps adding or changing crucial information). I hope that this hiatus Microsoft is taking to refocus on security issues is fruitful. In the meantime, I may just have to use Mozilla.
Update: Microsoft has released a patch to address the majority of these issues. I suggest you click here and apply it if you use Internet Explorer.