Some years ago, I was working on a web-based voicemail/telephony
interface and discovered that the then-current version of MSIE would
look at the last portion of retrieved URLs and, if they looked like a
recognized file extension, it would completely ignore Content-Type and
attempt to behave based on the extension. I lost a fair bit of time
trying to figure out why it kept trying to execute the page returned
(with Content-Type text/plain!) when I started testing login with an
email address. MSIE saw
http://some.server.com/foo?blah=blah&email=bar@baz.com
as a .com file and wanted to treat it accordingly...
I'm pretty sure that's been fixed by now (or at least I really hope it
has, given the security implications!), but I could see it happening
again.