The second IE7 flaw is now out there...
From WebUser.com: Microsoft Admits Flaw In IE7
Security vendor Secunia has reported a second flaw in Microsoft's new Internet Explorer browser. This time, though, Microsoft has accepted the vulnerability as genuine and posted advice to users on its security blog.
The flaw could cause some users to fall victim to phishing attacks, which is particularly bad news for Microsoft - one of the hyped new features of IE7 was an improved anti-phishing facility.
Secunia says that the issue lies in the address bar of the browser.
"The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions," reads a note on Secunia's website.
In some ways, I feel bad for Microsoft... Must suck to walk around with a target on your back...