In large measure I agree with the point you are making, but I think there is a point you are missing.
> if E has credibility (at least) for not creating new dangers...
In one sense, it's true that E could create security problems by virtue of poor implementation. In the larger sense, however, it isn't "E" that creates the security problem; it's the user who does so.
Firewalls exist for two reasons: to protect a company from outside attack (the alleged reason) and to socially discourage some of the ways in which people inside a company communicate with the world. The latter, please note, is not an enforceable property in any strict sense.
You may say, and I might agree, that there are already many ways that people communicate across firewall boundaries, and that from a purist perspective adding another doesn't change the security story.
However, information leakage is not merely about who can copy what bits. It is also about the social learning curve associated with new tools. More and more Information tools are now groupware-enabled, and typically do not contain mechanisms that facilitate users who wish to take care about which things cross corporate boundaries. During the organizational learning curve on a new tool, it may be highly desirable to make it difficult for the tool to cross the firewall.
If a non-turing-complete application has means to load and store things across a firewall, there is a certain amount of damage that a user can do with it..
If an application is turing-complete (e.g. any app with a decent macro language), it is a much more powerful application, and the potential consequences of user error are in consequence much larger. Further, a well-intentioned user may load behavior (code) that runs as them that does things they don't intend to do. Couple this with the ability to cross a firewall and you have introduced a new opportunity for the user to *admit* the trojan horse by downloading it and running it.
Now one answer to this is: educate the users not to run unknown programs. In the face of embedded macros this grows increasingly difficult for the user to detect and therefore increasingly difficult to implement.
How this relates to E:
If I am a paranoid company, and E makes it easy for my employees to electronically collaborate with others from the corporate workplace, I would probably be reluctant to install it. The problem is that in a world of increasingly easy software download, non-installation policies are growing nearly impossible to enforce.
From a purely social perspective, I might argue that education is the right answer and tight controls of this sort are self defeating. Ultimately, this is why Silicon Valley still exists and Route 128 does not. Regrettably, most companies are a long way from being ready to work in the new reality.
shap