I haven't used IE6, but a not so wild guess is Microsoft "security policy". It is the same thing as when outlook says that ".txt" files may contain virus, but ".doc" goes through as a known and trusted format. It is really pretty clever, since they are using the complaints about their software's unsafety to endorse their own formats and suchlike.

So I would suppose that there is a list of trusted sites, such as MS own, and a few others in the same network or similar friends of them that are listed as trusted already?

I'm not sure exactly how to deal with it, if that is the default setting in IE6, other than stating on your site that that IE6 users needs to change their settings. Possibly also detect the browser to display the alert. Since it is a setting in the browser, I don't think you can possibly change that from your site, that would render it useless.

One small other thing I could think off, is if you have cookies that aren't 100% complete with return paths and such, and that IE6 croaks on that. You might wanna see to it that you explicitly say in your cookie that it only should be returned to the site that set it.

Not much help I'm afraid.