Their "we know better than Webmasters" approach which led them to "MIME-sniffing" in the first place is the cause of this problem. If a site is broken, then render it as broken -- at least then there is some chance that the Webmaster might fix it.
Instead we get the world where IE "sniffs" pages and included objects and tries to "figure out" the MIME-type, while every other browser simply accepts the HTTP Content-Type header sent by the server, as intended by the originators of the HTTP protocol.
This is unnecessary complication, leads to problems such as that described here, and only serves to make IE "look good" and other browsers "look bad" when rendering technically-broken sites. I'd rather see a few broken sites than suffer security problems.