Does disabling IDN have any undesirable side effects?
Good find on the security alert.
You won't be able to handle URLs that use characters not used in English: many East European languages or oriental languages, for example.
Good to see at least one of the developers stayed awake and recognised a bad standard when they saw one. As Forest used to say, "Sheep is as sheep do-do." or something like that.
The standard is basically good. Unless of course you think that you shouldn't be allowed to access websites in countries that use other languages.
The problem is more in the implementation at the domain name registrar level. Each top-level domain or nation should only use one character set. That way, if you saw "www.microsoft.com" or "www.microsoft.us", you would know it was the English version. If you saw something like "www.microsoft.ru" or "www.microsoft.to", you would have reason to be suspicious. With the current system, one could spoof "www.microsoft.com" by using alternate character sets for the "i" or "o", for example. Similar things have been done in the past using "1" or "0" to replace the "I" or "O".
Of course you can make yourself more secure by following the advice given by toasty's link.
Solution:
Don't follow links from untrusted sources.
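
The check discussed in this thread, as an added example that is not part of the original posts: it flags hostname labels that mix scripts, or that use a script other than the one an assumed per-TLD policy expects. The `TLD_SCRIPT` table and the sample hostnames are constructed for illustration, and detecting a script from Unicode character names is an approximation.

```python
import unicodedata

# Assumed policy for illustration: the single script allowed under each TLD.
TLD_SCRIPT = {"com": "LATIN", "us": "LATIN"}

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- (Punycode) labels."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts_in(label):
    """Approximate the scripts used in a label from each character's Unicode name."""
    return {
        unicodedata.name(ch, "UNKNOWN").split()[0]
        for ch in label
        if ch not in "0123456789-"
    }

def check_hostname(host):
    """Return (label, scripts, reason) for every label that looks suspicious."""
    labels = [decode_label(raw) for raw in host.rstrip(".").split(".")]
    allowed = TLD_SCRIPT.get(labels[-1].lower())
    findings = []
    for label in labels:
        found = scripts_in(label)
        if len(found) > 1:
            findings.append((label, sorted(found), "mixed scripts in one label"))
        elif allowed and found and found != {allowed}:
            findings.append((label, sorted(found), "script not expected under this TLD"))
    return findings

# Constructed samples: the second uses Cyrillic U+043E in place of Latin "o".
SAMPLES = ["www.microsoft.com", "www.micr\u043esoft.com"]

if __name__ == "__main__":
    for host in SAMPLES:
        print(ascii(host), check_hostname(host))
```

A label written entirely in one look-alike script passes the mixed-script test, which is why the per-TLD rule is checked as well.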