As far as I'm concerned, it's bad.
The new UAC from Windows 7 should be better, as users can now decide when UAC should raise an alarm. The setback came in the first beta version of Windows 7, where a simple script was sufficient to start all programs with admin rights, without users knowing about it. The problem is rectified, but only halfheartedly. Attackers can ease off the UAC through DLL injection even in the RC version, even giving all programs admin rights.
When the attacker starts Internet Explorer with this function, it disables "Protected Mode" and does not stop any hacker attacks. Microsoft does not help, as they think that comfort is more important than hacking protection.
The DLL injection of the hacker gets hold of the Windows-internal DLLs, on which the entire operating system is structured. Normally, these libraries are protected by the UAC in Windows 7 but only if the account control is set to the safest mode.
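
Since the post says the protection only holds when account control is set to the safest mode, the following added example (not part of the original post) reads the UAC policy values from the registry and reports whether a machine is at "Always notify". The mapping of registry values to slider positions is the commonly documented one and is treated as an assumption here; the function names are hypothetical.

```powershell
# Added example: audit the local UAC level (read-only, no changes are made).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacValue {
    param([string]$Name)
    # Return $null when the value is absent instead of throwing.
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-UacLevel {
    param($EnableLUA, $ConsentAdmin, $SecureDesktop)
    # Assumed mapping of policy values to the UAC slider positions.
    if ($EnableLUA -eq 0) { return 'UAC disabled' }
    if ($ConsentAdmin -eq 2 -and $SecureDesktop -eq 1) { return 'Always notify' }
    if ($ConsentAdmin -eq 5 -and $SecureDesktop -eq 1) { return 'Default' }
    if ($ConsentAdmin -eq 5 -and $SecureDesktop -eq 0) { return 'Notify without secure desktop' }
    if ($ConsentAdmin -eq 0) { return 'Never notify' }
    return 'Custom or unknown'
}

$lua     = Get-UacValue 'EnableLUA'
$consent = Get-UacValue 'ConsentPromptBehaviorAdmin'
$desktop = Get-UacValue 'PromptOnSecureDesktop'
$level   = Get-UacLevel -EnableLUA $lua -ConsentAdmin $consent -SecureDesktop $desktop

# Emit one object per machine so the result can be collected or exported.
[pscustomobject]@{
    Computer                   = $env:COMPUTERNAME
    EnableLUA                  = $lua
    ConsentPromptBehaviorAdmin = $consent
    PromptOnSecureDesktop      = $desktop
    UacLevel                   = $level
    SafestMode                 = ($level -eq 'Always notify')
}
```

A `SafestMode` value of `False` marks a machine that is not at the setting the post describes as the only protected one.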