It's the same old war between convenience and security. I, like Lagz
and StuartMW
, never open apps files within a browser. I first download the file and then scan it sixteen-ways-to-Sunday with multiple AV tools before opening it directly within the appropriate application. I consider that merely an ordinary element of "safe hex".
On the other hand, I personally know many users who want the file to open directly in the browser... for "speed and convenience". Some of them have gotten badly infected that way, others of them seem to perpetually be struggling with various functional problems with their browser when it attempts to open the connections to the appropriate viewer or apps software... and their resolved problems seem to revisit them almost every time their browser version is updated. That seems to me to be a high risk to run and a lot of frustration to wrestle with, all in the name of 'speed and convenience'.