[GranPC]

Originally it used Windows's built-in embeddable IE thing, which as you can imagine was not stellar for security. IIRC there have been some incidents with bad servers serving up MOTDs that exploited vulnerabilities in Trident to execute arbitrary code.

I believe they switched to Chromium while preparing for the OS X port. You'd think this would be good for security, but they then proceeded to update to the latest version approximately once a decade.

[nxobject]

I know a lot of servers exploited that as well to play music in the background... in retrospect, the idea of a web view hanging around while you're in a game is terrifying.

[IYasha]

Yes! And all of that just to parse some <font> and <img> tags? :D

Also, to be fair: it was VGUI2, which, AFAIK, was introduced with Steam UI and still used in HL2. And was never made available to modders of GS.