To return this to a (boring) topic, I felt the same as fox when I read the docs about that header. It looks like a "hit me with an XSS when I least see it coming"-thing. I can't understand the rationale of such a header, after the huge number of XSS exploits that have been made and the fact that browsers implemented a number of XSS restrictions "just to be on the safe side".
Probably for backwards compatibility. Folks want to keep accessing sites/apps that allow them to be hacked the way they used to be. Makes using the web much more exciting.