The problem with Microsoft's implementation is that it allowed any Javascript to be executed -- so CSS became a vector for XSS attacks (one of the early MySpace worms was based on this feature). This implementation only allows very basic math, and is so is inherently a lot safer.
Completely agree - Mozilla's scaled-back implementation, which appears to be closer in line with the standards track - is much safer and marks a better approach anyway (several at MS have been openly recommending against using dynamic attributes for some time now).
It's moves like this among vendors that force us to think about that line between "experimentation and innovation" vs. implementing "proprietary features."
As NathanKP mentioned below, we'd all do well to push vendors to come back together toward standard implementations across all popular browsers. Here's hoping.
