Yeah, I don't know why you have to be told each time it happens. If you're going to disable XXS, I sure would think about using a Host file to block some of the "nasties". XSS is used by most every site to "enhance your web experience" with advertising.
The problem is that the site you visit may not have control of what occurs in the script retrieved from the site doing the advertising. I've seen very reputable sites get blocked or blacklisted because the advertising site got hacked or was trying to do some less-than-kosher scripting. (Like reading your disk drives)
I spent about two weeks on IE9 and went back to IE8 so you-all are a better man than me.
I don't even know if the Host file is still implemented in IE9. Two weeks was about all I could take.