All I can say is that they are still deploying an ActiveX module that digitally signed (and now expired) in 2010. Presumably that means the module hasn't been updated since then.
Frankly it's embarrassing for them to have to require client to disable security to allow these expired packages to be installed.
If that's the case, does that give them a tiny bit of leeway in the browser compatibility arena?
My last company's billing software used these same ActiveX controls that required your security on IE to be disabled to be installed, flaky install still at best after you jumped through all the hoops.
God was that a nightmare..