I don't have a specific favourite, whatever works is good with me :-)
The rise in the popularity of client side exploits, particularly web browser exploits, was that it debunked the age-old reasoning that you cannot get 0wned simply by looking at an email/web page/other data source. It was likely that this thinking contributed to proliferation of client side flaws.
The lesson? Never trust the data. Code like all data coming in is potential malicious and should be treated as suspect. Or is the lesson don't let the world's most popular web client rended your email?