Was doing a bit of ‘drag and drop’ on my mac a while back, when I accidentally ‘dropped’ in the wrong place. The result was a web page that rendered in the software update window.
Not really so surprising given the ubiquity of the webkit in Mac OSX, but to have it render pages so nicely – even with Javascript – was an amusing find.
I don’t know if this opens up a potential security issue, but I could see it as attractive to a nefarious person if they could render their own content into this window in an attempt to trick a user into doing something stupid.