Is Google Chrome Frame Secure?

Are there any security issues around using Google Chrome Frame plugin for any version of Internet Explorer? 
Microsoft will not comment on on 3rd party software.
Does the Chrome Frame make the client machine less secure, if so, how much or to what degree?  My take is that it does make the browser less secure and its just a matter of time before Metasploit or an attacker creates their own script taking advantage of this.  You can see below that running the wmic commandline shows all the switches and it shows that this application is disabling popup protection and its disabling a client side phishing detection.
>wmic process get commandline, processid, parentprocessid
"C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe" --automation-channel=ChromeTestingInterface:6008.2 --chrome-frame --no-first-run --disable-popup-blocking --user-data-dir="C:\Users\*\AppData\Local\Google\Chrome Frame\User Data\iexplore" --chrome-version=12.0.742.122 --lang=en-US

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           6500             6388

"C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe" --type=renderer --chrome-frame --disable-client-side-phishing-detection --lang=en-US --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/ --user-data-dir="C:\Users\*\AppData\Local\Google\Chrome Frame\User Data\iexplore" --channel=6388.0243DBD0.723744261 /prefetch:3
6388             4892
 
Can someone explain all the switches Chrome is using and why is it disabling popup-blocking and client side phishing detection?
 
Does this run in its own sandbox?  I am going to test breaking out of the process and seeing if I can esculate my privledges using the migrate command after exploiting the browser.