In answer to your third outline problem, whats so different about that problem now?
As it is, scripters currently have access to sockets, which allows them to code methods to retrieve updates. Heck, bwrite and so forth are just as big a problem here.
Yes, we have a right to be "paranoid" but there is nothing stopping a blackhat scripter from maliciously coding something that does this with the current "toolset".
Its like every other programming/scripting language that's available on the market.
Please note, I do agree with you, auto downloading files is a bad idea, however, the option to manually check for updates from within mIRC would be good, however, I personally think it wouldn't be too hard to script currently (the updater that is) with a socket or two.