This is an old bug, and has already been discussed. As far as I have been able to tell so far there is no security problem with this, unless there is already other security flaws with how data is transmitted.
It's already been discussed on the devs list, and in the "Development" forum. In regards to the flaw, it really shouldn't be too much of an ongoing concern because as most people realise, web authors probably won't bother tarketing the "Elite 1%". It's far easier for them to target IE security flaws, because of the sheer number of IE users out there, especially ill-informed ones at that.
That's interesting, but I've had my onUnload JS events turned off via Proxomitron the whole time. Isn't it pretty common for web servers to get referer data from your browser, though? When I had websites on Yahoo Geocities it was easy to see which site any given IE surfer had last visited before they accessed my site & I could even match them with particular IP addresses, among other things.