I have a buddy who is in web work for a living and hacks for a hobby on the side. He is about the biggest geek I know and if a better coder exists out there, I sure haven't met them. He is about as anti-Microsoft as you can but after years of avoiding IE is back to using it as one of his primary browsers (Chrome and Opera are the others). He too raves about the speed and significantly better security on both IE8 and IE9.
Neo...well...IE still has its security vulnerabilities. these systems aren't stand-alone - they depend on libaries, third party binaries, etc., etc. but my point all along has been the OS it usually rides on. It's a standard axiom in security that any controls higher in the system stack can be defeated by exploits lower in the system stack.
sounds like you have an industrious friend! I was watching a DEFCON tape the other day and the hacker de jour (not making fun of your friend...but it is a strange sub-culture)....was explaining some research he had conducted on hacking rfid systems that may be used in the future as part of mass transportation network systems (e.g., closure warnings). he opened up by stating "A few things about me...I hate people." I about spit out my coffee.