This toolbar installs ActiveX controls, device drivers (currently REing avgtpx86.sys, which hooks registry and filesystem accesses) and services. Let me repeat: a toobar that installs a device driver. If you haven't noticed that, you haven't done a good job of testing this. You might not have been able to know about this specific issue in advance, but guess what: that's another reason to not take a risk.

I have not ensured Dolphin users are safe from side effect or bugs, but we've ensured that at least we don't insert critical vulnerability issues in their web browser. We ensure that by not installing a toolbar.

No, this bundle does not have less bugs than most other software packages out there. You don't seem to understand what a CVSS score of 10.0 means. It's REALLY bad, as in, if someone visits a website on IE with that toolbar installed, their computer is in control of the website owner. It's a dream for drive-by installs.

I haven't spent a lot of time looking at the driver they bundle, but from my quick glance, it disables some code signature features and does some IO operations on all new devices connected to a computer. Not sure about details yet, but yeah, it sounds BAD. What a surprise! A toolbar that ships with a driver does bad stuff!

You ship this software in your "Recommended" install. You recommend users should install this. You can't get away without taking responsibility for this.