Has OE always had the same holes as Outlook? I mean, aside from the address book, which I don't count due to just popularity.

Yes. Since both implemented IE to display e-mail messages, both suffered similar scripting holes. Any security home that affected IE affected these products. Plus several more holes were exposed due to the way Outlook and OE were using IE.

Of course MS's solution to security in 2003 is to piss off people. In the final beta version I had, there was no way of overriding its automatic block on "unsafe attachments". You will be forced to e-mail someone back requesting they send an attachment to you in .zip format, or renamed to avoid the MS controlled security block. It's really too bad they did this, because Outlook 2003 is actually a decent program.