This is a good criticism, and is being dealt with as part of the process of moving to Firefox 1.0. Keep in mind that we are still using a beta browser here; it's not at 1.0 yet, for these kinds of reasons.
There is no need to download the 0.9.2 upgrade if you don't want to. If you are using only the default profile, you can just download a tiny 1 kB patch here [update.mozilla.org].
You can do it manually too; it's just a matter of turning off the shell: support.
From what I've gathered, this affects only Windows XP pre-Service Pack 2; that particular Windows vulnerability has been patched in SP2.