If your firefox installation gets hopelessly fucked up and corrupted - which can happen - you can simply dump and reload it. You can't do that with IE.
Regarding the malware dangers of it being open all the time, the majority of the malware you get by browsing with IE installs itself *in* IE. Thus, without IE running, the malware doesn't run. Unfortunately, since IE is *always* running, if you have malware in IE, you've *always* got malware running. By contrast, with a browser that is merely a browser, it is less likely for malware infestations to leave the scope *of* that browser.
Regarding embedded IE being a security issue - I have DEFINITELY seen apps embedding IE for HTML rendering result in spyware infestations. As an example, a car dealership I've consulted with was getting constant crippling spyware infestations on a weekly basis, until I finally got them to switch to Firefox, at which point they stopped - until suddenly, after two months, they started getting infestations again. The culprit? An employee using Windows Media Player for streaming radio. Some of the channels he was hitting - using WMP only, never opening a "web browser" per se - had malware embedded in the HTTP: streams being fed to the embedded IE rendering engine in WMP. Result: malware.
Modularity is a huge issue. I don't necessarily have a problem with a system-available HTML rendering library, my problem is that if you can't dump and reload it, it makes it dramatically more difficult to keep the system stable. If you're only familiar with Windows, it may be easy for you to accept this as "just how it is, a lot of stuff just can't be dumped and reloaded like that"; whereas if you're familiar with *nix type operating systems, you'll be used to EVERYTHING being modular, replaceable, and even do-withoutable - everything from the GUI rendering engine itself to the window manager to even the *text* based shell(s) for command-line control.
Complete modularity of the OS makes "black-box" troubleshooting and repair possible - got a problem - malware OR simple corruption - in your HTML engine? Drop it and reload it. Still got a problem? Then that wasn't it - look for rogue or corrupted services running. Find one of them that isn't behaving as expected? Drop and reload *it*. There's literally nothing there that you can't simply unload and replace with a new copy in a known good state quickly and easily. By comparison, if you get corrupted IE, you can't just dump and reload IE - you have to hunt through literally hundreds of registry entry points to *repair* your existing IE. If malware installs a rogue service on your machine, you can (sorta) easily just remove the rogue service - but what if it instead *corrupts*, say, the RPC service? You can't uninstall and reinstall RPC. Worse yet, the workstation service?
Re: If only IE was an application
Regarding the malware dangers of it being open all the time, the majority of the malware you get by browsing with IE installs itself *in* IE. Thus, without IE running, the malware doesn't run. Unfortunately, since IE is *always* running, if you have malware in IE, you've *always* got malware running. By contrast, with a browser that is merely a browser, it is less likely for malware infestations to leave the scope *of* that browser.
Regarding embedded IE being a security issue - I have DEFINITELY seen apps embedding IE for HTML rendering result in spyware infestations. As an example, a car dealership I've consulted with was getting constant crippling spyware infestations on a weekly basis, until I finally got them to switch to Firefox, at which point they stopped - until suddenly, after two months, they started getting infestations again. The culprit? An employee using Windows Media Player for streaming radio. Some of the channels he was hitting - using WMP only, never opening a "web browser" per se - had malware embedded in the HTTP: streams being fed to the embedded IE rendering engine in WMP. Result: malware.
Modularity is a huge issue. I don't necessarily have a problem with a system-available HTML rendering library, my problem is that if you can't dump and reload it, it makes it dramatically more difficult to keep the system stable. If you're only familiar with Windows, it may be easy for you to accept this as "just how it is, a lot of stuff just can't be dumped and reloaded like that"; whereas if you're familiar with *nix type operating systems, you'll be used to EVERYTHING being modular, replaceable, and even do-withoutable - everything from the GUI rendering engine itself to the window manager to even the *text* based shell(s) for command-line control.
Complete modularity of the OS makes "black-box" troubleshooting and repair possible - got a problem - malware OR simple corruption - in your HTML engine? Drop it and reload it. Still got a problem? Then that wasn't it - look for rogue or corrupted services running. Find one of them that isn't behaving as expected? Drop and reload *it*. There's literally nothing there that you can't simply unload and replace with a new copy in a known good state quickly and easily. By comparison, if you get corrupted IE, you can't just dump and reload IE - you have to hunt through literally hundreds of registry entry points to *repair* your existing IE. If malware installs a rogue service on your machine, you can (sorta) easily just remove the rogue service - but what if it instead *corrupts*, say, the RPC service? You can't uninstall and reinstall RPC. Worse yet, the workstation service?
You get the idea.